Linus Henze publishes a PoC for CVE-28206, a kernel bug fixed in iOS 16.4.1.
Linus Henze, the talented hacker who created the Fugu15 jailbreak for arm64e devices running iOS and iPadOS 15.0-15.4.1, just this week shared a proof of concept (PoC) security vulnerability dubbed CVE-2023-28206, which Apple patched in a release. iOS and iPadOS 16.4.1.
Henze announced his PoC in a bright and early Monday morning via Twitter, as shown above, where he linked to a GitHub page showing off his methodology and result.
CVE-2023-28206 was reported to Apple by Clément Lesigne of the Google Threat Intelligence Team and Donncha O Cirbhail of the Amnesty International Security Lab. As Apple notes on the security content page for iOS and iPadOS 16.4.1, a firmware update that Apple released last week, the vulnerability is related to IOSurfaceAccelerator and could allow arbitrary code execution at the kernel level for any installed application.
While the vulnerability exists in iOS and iPadOS 16.4 and earlier for iPhone 8 and later, it’s worth noting that it’s unlikely to lead to a public release of a jailbreak. This is because Apple has beefed up security in recent firmware releases, especially on newer devices, through means such as PAC and PPL. These extra layers of security require additional workarounds for the jailbreak to work, which complicates things and adds a bit more work to the jailbreak developers.
Either way, it’s still great to see Henze dropping Easter eggs from time to time, as they’ve been known to help the jailbreak community. For example, TrollStore developer opa334 is currently trying to make Fugu15 a public jailbreak. This work is currently called Fugu15 Max, but it is expected to go by a different name by the time it becomes available to the general public outside of the beta testing period.
Anyone interested in viewing Linus Henze’s recently released PoC can head over to his GitHub page to see more.
Are you excited to see what will become of Henze’s latest proof of concept? Be sure to let us know in the comments section below.
Leave a Reply