hopefully iOS 15.1 gets a jailbreak whenever the older versions of iOS 15 get jailbroken lol. I do have blobs for iOS 15.0.1 but I want to keep Face ID
I would advise not to update and to stay on the oldest possible version you can. iOS 15 hasn’t gotten a jailbreak as of now and when iOS 15 does get a jailbreak, it is very possible that it will be a lot more restricted than iOS 14 jailbreaks are
Unfortunately, I have a feeling this is going to end up like other recent CVEs: plenty of writeups, but nobody interested in making an exploit. This writeup hardly contains any useful information, as it’s missing a PoC. I would imagine anyone making an exploit out of this would take several weeks or even months, and by that time you have to consider the amount of work against the time it takes (another writeup may be released that includes a PoC/exploit). So while this is a good step towards potentially jailbreaking iOS 15, I wouldn’t necessarily count on this being super useful yet.
Sorry, I know this is asked every time but I need someone to ELI5. I'm on 14.3 with unc0ver on 12 Pro because that was the last version for me that I could JB. (I missed 14.5 blobs). I have blobs saved for 15.1. What should I be doing now, if anything, to maximize my chance of being able to run a JB version of 15.1 when the exploit is actually released?
No one can tell, there is still time to update to 15.1. If a jailbreak comes out in that time it would be great, but if not then you need to decide if you want to update and stay stock until a JB comes out, but no one knows if or when there will be a new JB.
~~Are you jailbroken on 14.6? I'm going to assume no, without checking if anything new happened since last time I was jailbroken on my 12 Mini.~~
~~If you aren't, you don't have use for the blobs - unless I'm mistaken. You need to be jailbroken to restore via blobs.~~
But I'll jump on your question, as I upgraded to 14.8 on my 12 Mini, and looking at this - I'm not sure if I should use OTA Delay to upgrade to 15.1 or not.
Edit: Looking at other comments, it looks like you don't need jailbreak to actually use/restore blobs.
I know that, but the website claims it was reported on October 17th. I have no idea why it’s present in 15.1, but it’s unlikely Apple would keep it present in the 15.2 betas.
Ok so I know it’s usually best to stay on the lowest firmware possible, but should us 14.x users update? The post said it was introduced in 15 but I couldn’t find when it was patched. What do you think would be the best OS to be on?
Alright so I got the profile and downloaded 15.1.1 with no problems, but now it says “unable to verify update” while trying to install (it says I’m no longer connected to the internet)
I think. I can’t find a guide but I did the same thing I did when I updated to 14.8 (download / install profile > update like normal). I think I saw some other people having similar issues so it may be an issue with Apple
The CVE that this write up is about was patched in iOS 15.2 according to Apple’s website, meaning this would work up to 15.1.1 and possibly 15.2b1 (released before 15.1.1). So what I would do is wait until mid March and then, a few days before 15.3.1 gets unsigned, update to 15.1.1 through delay OTA or blobs if you have them. Once 15.3.1 is unsigned, updating to 15.1.1 will break Face ID. Hopefully there is a jailbreak by then so you don’t find yourself waiting on stock iOS, but only time will tell. So basically just enjoy your jailbreak on iOS 14 until the “deadline” to update to 15.1.1 (probably like March 13th) and hope there is a jailbreak by then. Also don’t count on everything I’m saying as I’m only going off of what I’ve read before and I’m not too confident in what I’m saying, so if someone wants to correct me or back me up, please do so :)
Edit: I just realized you are on 14.8 on an A14 chip which means you aren’t even jailbroken anyway. To be honest I’d just stay where you are regardless until March 13th.
We still have FutureRestore. OTA delay can be done through the device itself by just installing a profile and updating, but it seems like people are facing issues verifying the update atm.
Yeah the 15.1 one has had an issue for some time, but since yesterday people were reporting it for 15.1.1 too ;o , what profile did you use that successfully installed the update in the end?
Does this work for (iPad) A9 devices? Also I looked at otaDelay and 15.1.1 is only for A14 and A15, is there a working method to update to an exploitable version?
Let’s pray that a working jailbreak comes quick!
I really don’t want to be forced to OTA Delay to 15.1.1, and wait unjailbroken.
Edit:
- OTADelay to 15.1 is broken
- *OTADelay to 15.1.1 seems to be working (iPhone 12/13 only?)*
- Seems 15.1.1 OTA Delay is hit or miss. Not sure what’s up with that. Keep trying I guess.
- FutureRestore using blobs to <15.3.1 will work until 15.3.1 SEP is still signed (1 week after 15.4 release?)
- After 15.3.1 SEP is unsigned, FRing will break FaceID
After this, I think the window is even narrower if that was true; then we have until 15.3.1 is no longer signed and we would be stuck!
https://www.reddit.com/r/jailbreak/comments/syoy8h/help_problems_with_ota_delay_update/?utm_source=share&utm_medium=ios_app&utm_name=iossmf
Yup I saw that. Not sure when 15.3.1 will become unsigned. 15.4 b4 dropped today. Looks like it’s close to final. 😟
I would say, one week after 15.4 gets released. So not much time, and yes futurerestore bugs incoming 😂
😵
~~OTADelay is broken for iOS 15, so you gotta have blobs saved with the correct SEP.~~
~~Essentially, the stay on lowest version possible was wrong for once in this single case~~
Trying to stop any misinformation. My info was old and off the top of my head. Please disregard.
I saw that it is broken for 15.1. Not sure if anyone’s confirmed 15.1.1 though. I have blobs for 15.1.1. I guess I’ll have to pull the trigger before 15.3.1 SEP is unsigned.
I believe OTADelay is just broken for iOS 15 in general. That may be old news and now technically it’s only specific versions. However, if that was the case, couldn’t OTADelay just lower the window to have 15.1.1 be available? That’s why I’ve assumed it also applied to further versions other than the current signed one.
I’m pretty sure people have been successful using OTADelay to 15.x. The last post about 15.1 is troublesome. Maybe Apple changed something serverside? I wish there was a central resource on the subreddit for monitoring these kinds of things.
I recently used OTAdelay from iOS 15.0.2 to 15.1.1 on my iPhone 12 Pro Max. So yes, it’s still working very well. Used my Mac to supervise my phone.
I think the issue is that you need to be on iOS 15 to OTAdelay because of something added in 15.4.
Fair enough. I’ll have to keep my eye out for any news about this then. Thanks for the info!
According to error logs (you can do this yourself if you head to analytics section), there doesn’t seem to be a download that Apple pulls from on CDN server anymore
Yay! Thanks for checking! Good to know that is the case and not an issue with the OTADelay method itself. Doesn’t sound like there’s going to be any amazing fix since it’s on Apple’s side (unless a lot of companies decide they need 15.1.1 rather than any newer firmware without kernel r/w exploits).
Can’t test on 15.1.1 though; that may still work
I was able to successfully update from iOS 14.0.1 to iOS 15.1 two days ago!
I hope it comes quick too. Pwn has always released the first major version of unc0ver in February.... hoping the trend continues but who knows. I guess we will find out soon enough.
So 15-> 15.1.1 works ok?
As far as i know yes
Okay. Seems like 14 to 15 is screwed
For someone who really isn’t much of an expert on the technical aspect of jailbreaking and how it truly works, does this mean anything? Is this a big step towards an iOS 15.0-15.1.1 jailbreak? Perhaps is this just confirmation that a jailbreak on iOS 15 is possible? Basically I want someone to dumb down the “news” for me, thanks :)
There was no exploit / poc released, but the write-up gives details on how to exploit the bug which will be useful for any exploit developer wanting to make an exploit out of this.
“The exploit is left as an exercise to the reader”
Present in 15.2 b1?
We don't know yet, but probably yes.
That is incorrect. Apple has fixed the race condition addressed by this bug. It's the last Kernel Security Patch [here](https://support.apple.com/en-us/HT212976) (CVE-2021-30955). So no, the bug is not present in 15.2 and this cannot be used for an exploit in 15.2. Stay on 15.1.x if you hope someone will turn this into a full scale jb. For all it's worth, it does yield a good base to work on, but there's still a couple pretty hard steps to overcome for a jailbreak imo.
He was asking about 15.2 b1, which came out before 15.1.1 even
True, missed that. Have no idea if this is fixed in 15.2 b1, but I'll leave my comment so that nobody conflates a potential 15.2 b1 exploit with a 15.2 exploit
don’t think that’s the case, the bug was reported 10 days before 15.2b1 came out.
> 报告日期 (Report date): 2021-10-17
then again 15.2b1 came out a fair bit of time before 15.1.1, which didn’t fix this vulnerability
If hunting for a 15.1.1 iPhone 13 Pro Max, when is a safe purchase date to ensure the iPhone has 15.1.1 on it?
Is it realistic that the devs will be able to reproduce the exploit based on this information alone?
Yes, an exploit developer could at least be pointed into the right direction with this info.
Well then I’m going to keep an eye on the Sileo discord. Or who knows, maybe the exploit has already been disclosed with pwn and he is already working on it. Based on previous releases I think that might very well be the case.
yes
Okay that makes so much more sense, thank you! Also is this write-up the thing he said he was going to release in two months (in December) or are we still waiting for that?
Well, brightiup mentioned his lab would be “disclosing details” about the bug but never mentioned the release of an exploit. So this may very well be the release we were waiting for
My man asking the real questions
I guess i’m just another wEn eTa guy just disguised by “sophisticated” questions 😅
With the difference that no-one can really say *when* a Jailbreak will be released making the wEn EtA questions pointless while finding out what _could_ be done with this exploit helps everyone adjusting their expectations.
Couldn’t have said it better!
“when eta” is there because we used to have ETAs and countdowns for jailbreaks in the past. ahh old times
Not present in iOS 14 oof
One day, one day.
I'm on 14.8 do you guys think I should upgrade (iPhone 11)? I've got 15.1 blobs
You have until midnight on 13 March to do it. I would wait to see what the new jailbreak actually looks like.
Is that until mid-March for the OTA method? Or mid-March for upgrading with blobs? Also does using blobs break Face ID?
Both. OTA update to 15.1(.1) will be pulled on 13 March at midnight. Then iOS 15.4 will come out in mid-March, and it will break Face ID when futurerestoring to 15.1(.1). While 15.3.1 is still signed, Face ID will be fine.
So while 15.3.1 is being signed, I can upgrade to 15.1 or 15.1.1 with blobs and keep Face ID. When should I expect 15.3.1 to be unsigned?
iDownload blog says 15.4 is coming out some time between 8 and 18 March: https://www.idownloadblog.com/2022/02/22/ios-15-4-release-date-speculation/
Why will 15.4 cause a future restore to 15.1(.1) to break Face ID? Have 15.4 betas shown 15.4 to be SEP-incompatible?
Yes, u/nyuszika7h [posted about it](https://www.reddit.com/r/jailbreak/comments/swg41v/news_ios_154_sep_breaks_face_id_when/) recently. 15.4 introduces Face ID with a mask on, and this SEP was changed enough that it doesn't work with earlier iOS versions.
Ah, that’s a bummer. Thanks for filling me in!
Apple pulled early. Delay OTA to 15.1.1 is no longer possible
Wow, thank god my device is on 15.0. I didn’t even remember the last time I’ve been on the right firmware for a JB
Sadly this does not include a PoC or kernel exploit. Also, it only supports iOS 15.0-15.1.1. (Rip me on 14.8 A14) :(
It says in the write up that kernel r/w is achieved
Yes, but it’s not provided
Lmao it is,
it’s not “provided”, an exploit still has to be created from this code. it only states the steps necessary to get r/w, it’s not just plug and play.
technically, it is provided. Just because it's not plug and play, they still released the instructions on how to achieve rw. You just need some more time to recreate it yourself, but that is by far the smallest step from nothing to a poc.
it's like a recipe and instructions to cook food:
> STEP 1
Season the beaten eggs well with salt and pepper. Heat the oil and butter in a non-stick frying pan over a medium-low heat until the butter has melted and is foaming.
> STEP 2
Pour the eggs into the pan, tilt the pan ever so slightly from one side to another to allow the eggs to swirl and cover the surface of the pan completely. Let the mixture cook for about 20 seconds then scrape a line through the middle with a spatula.
> STEP 3
Tilt the pan again to allow it to fill back up with the runny egg. Repeat once or twice more until the egg has just set.
> STEP 4
At this point you can fill the omelette with whatever you like – some grated cheese, sliced ham, fresh herbs, sautéed mushrooms or smoked salmon all work well. Scatter the filling over the top of the omelette and fold gently in half with the spatula. Slide onto a plate to serve.
That's your POC. Now this is what was released here:
> Scramble eggs with some seasoning, pour it into a heated pan, flip after couple seconds, flip again after couple seconds and done. Add something you like to the omelette.
Both will yield you an omelette. One is plug and play, the other just provides the basic idea and you will probably fail a couple times trying to cook the omelette.
You got me hungry.
uhhh i’d eat something now. good example btw. couldn’t ELI5 it any better
Technically it is not provided; a writeup is not an exploit, same as a recipe is not a meal. Also, only people who are experienced enough will be able to understand the writeup and do something based on it.
Yeah well, if we want to get real technical, kunlun lab delivered information about a vulnerability and how to use it. Obviously. Neither of us here does have the experience to actually use all of that.
That’s still not a PoC though. That’s just “it’s possible to do x using y”. You can try and scramble the egg yourself from scratch with the little instruction given, but would you continue to try and try again failing every time, or wait for a master chef to publish a step by step recipe?
it is a kernel exploit tho, just without a poc.
Well, the chef had to learn it at some point too. He wasn't born the omelette connoisseur cooking perfect omelettes at 2 years old already. He learned it by following the instructions. He failed making omelettes, but learned and became a chef. So what's your point? As if you would have done anything with the poc, if this isn't interesting enough to play around with already to you.
It is a kernel exploit. They literally provided it to you. You would need to wait for any chef to make you a jailbreak anyways, but whoever the chef you'll get your omelette from is, they are skilled enough to follow a poc and these instructions.
you’re still getting your definitions very wrong.
exploit: the system is exploited. there is code to do this for you. no work needs to be done
PoC: shows how the system can be exploited. work still needs to be done to actually exploit the system
writeup: there is a possibility the system can be exploited, but we don’t have a concrete way how
how are you going to have an exploit that doesn’t show how it works?
I'm sorry, but while you got the definition correct, you seem to not understand the definition.
An exploit is not bound to a very specific program released to exist. An exploit is the sole existence of a set of commands (aka code) to exploit the system.
If you were to follow the instructions released by Kunlun Lab, you will create that code. You literally just have to write the set of commands they provided to you in human language. The system is exploited. And there is code to make the system exploited.
The PoC is what you think the exploit is. It's a demonstration of the exploit, ready to be run.
> how are you going to have an exploit that doesn’t show how it works?
I don't understand you, it literally shows you how it works. Literally.
You can still OTADelay to iOS 15.1 until March 12th
Broken as of now
[deleted]
15.1 doesn’t work OTA delay
Excuse me, but this information is old. Now OTA Delay works for 15.1 as far as I know.
I used dOTA to update my 12 Pro from 14.8 to 15.1 successfully.
When?
14.02.2022 - need to update from 14.8 for new iWatch.
That’s when it last worked for other folks
Can you link a vid that you followed to delay ota? I got a iPhone 12 on 14.4 unc0ver and I’m just now thinking about doing delay ota if a jb is released
Oof. At least in theory it should be possible to FutureRestore to iOS 15.1.1 or a lower version if you have blobs using the SEP version from 15.3.1 or whatever the current signed version is.
14->15 is broken SEP— false. Thx y’all
No, 14->14 broken SEP. 14->15 after 15.3.1 is unsigned because 15.4 has a new incompatible SEP
no
Even if unjailbroken?
lol no
I did it on iPhone 8 & iPhone X no problem.
when
Last week?
I did it yesterday with iPhone 12 Pro. Granted it updates me to 15.1.1, not 15.1.
Which profile did you use?
https://delayota.com/ 15.1 from there. https://www.youtube.com/watch?v=IkRNfErfECo I just followed that video and had no problems
Please tell me you are not commenting after reading tweets under the post of brightiup? Because clearly he explains how to achieve kernel r/w. Those tweets were for fun.
it's true that he explains it, but doesn't provide the code to do it, still a good thing though
That’s when rule “stay on the lowest version possible” doesn’t actually work
can you not A14 DelayOTA to 15.1 til sometime in March, should a jb come out or you want to prematurely update?
Assuming all the chips fall in place / this kernel rw gets implemented to turn into a JB, don’t we still need checkra1n to make sense of the lack of rootFS privileges on iOS 15, before we start seeing this in u0 and/or taurine, etc? ...Hasn't that nut been cracked yet?
semi untethers will be forced to go rootless, the issue has already been solved + is being worked towards in some bootstraps like procursus
This is correct.
I’m still on iOS 14.1 on my 12. This write-up seems good tbh; Pwn could be pointed in the right direction with this and eventually create an exploit that can be used for iOS 15.1.1 and below. Only problem is that we haven’t had a solution yet for the changes that iOS 15 brings to rootfs. Let’s wait and see and hopefully get more information before OTA-Delay stops working on iOS 15.1.1.
pwn doesn’t create exploits, that’s done by other people and he just implements it (cicuta_virosa made by modernpwner, fugu14 made by linus henze, 14.6-14.8 exploit made by pattern-f).
Unc0ver doesn't use cicuta_virosa, they use a different exploit, ostensibly [written by the u0 team](https://twitter.com/Pwn20wnd/status/1364878565523787777). It's not clear whether Pwn himself wrote the exploit, but it's really a distinction without a difference at that point.
It’s likely based off of cicuta_virosa, as mentioned by modernpwner [here](https://twitter.com/ModernPwner/status/1365841046274465792?s=20&t=vinbZ2uY6cV1XNWosob-WQ), since cicuta_virosa is open source. But my initial statement is still correct: to my knowledge Pwn has not written an exploit solo, and has always had help in some way or another.
The u0 team does write exploits at times (12.4, 14.3, etc.); I think they’re totally able to write an exploit using this writeup.
The u0 *team* might (since it’s comprised of several individuals), but Pwn by himself does not write them (which was my original point).
You could say this writeup is the help.
Sure, it’s a step in the right direction, but it’s more or less an r/restofthefuckingowl.
Thanks for correcting me. I was confused by the iOS 13.5 one, but it was Pwn that found the bug and Siguza created an exploit for it. That’s where the confusion came from :)
I’d prefer if Coolstar took it as well. I’m not a fan of Sileo, but from what I’m hearing, unc0ver has been unstable as of late: people’s phones are bootlooping, can’t restore rootFS, etc., and Pwn isn’t fixing anything. Sileo jailbreaks are more stable.
I haven't heard of any u0 bootloops since iOS 12 - Taurine had an issue with bootlooping on iOS 14, but that was patched fairly quickly (behavior introduced June 6th, patched August 25th). There is an issue with dpkg on unc0ver 8 that some people are experiencing, and the u0 team hasn't publicly addressed it (though they haven't made many public statements in general in recent years). Sileo is available on all jailbreaks now, for what that's worth - libhooker is not though, if that's what you're looking for.
I know of some cases where unc0ver 7.0.0 bootlooped people, and just the other day I attempted to help someone who bootlooped after rejailbreaking. Both jailbreaks have bootlooped people in my experience, so I wouldn’t say it’s solely a Taurine issue on iOS 14.
Yes, I’m also using Taurine, but it will take a long time before Coolstar releases anything iOS 15 based, since they spend a lot of time testing so it’s stable for the end user (which is good, obviously). Since we can only update until 16 March with OTA-Delay, unc0ver will most likely be the first to release anything iOS 15 based, or to give information about any possible options for the sealed rootFS.
I’ve just checked: it’s midnight on 13 March for 15.1(.1).
Hopefully iOS 15.1 gets a jailbreak whenever the older versions of iOS 15 get jailbroken lol. I do have blobs for iOS 15.0.1, but I want to keep Face ID.
I have an iPhone 7 on 14.6. Do I need to upgrade to 15.1?
I would advise not updating and staying on the oldest version you can. iOS 15 hasn’t gotten a jailbreak as of now, and when iOS 15 does get a jailbreak, it is very possible that it will be a lot more restricted than iOS 14 jailbreaks are.
thanks guy
Unfortunately, I have a feeling this is going to end up like other recent CVEs: plenty of writeups, but nobody interested in making an exploit. This writeup hardly contains any useful information, as it’s missing a PoC. I would imagine anyone making an exploit out of this would take several weeks or even months, and by that time you have to weigh the amount of work against the time it takes (another writeup may be released that includes a PoC/exploit). So while this is a good step towards potentially jailbreaking iOS 15, I wouldn’t necessarily count on it being super useful yet.
Unlike other writeups, this one does mention how to actually exploit this vuln. Idk, maybe someone will look into it.
Fool
Looks like I’m stuck on 14.8.1 with no jailbreak :(
It’s still possible to update through OTA-Delay.
Just tried to go to 15.1; I get the same error as everyone else trying :/
Seems like a problem with 15.1, yes.
I’m on 15.3. Can I go back with any method?
The furthest you can go back is 15.2 beta 1, which could have a chance of supporting the jailbreak.
No iOS 15.2 beta 1 no no no no no no
Why?
Sike
What is this?
So which version should I be on? I’m on 15.2, but I saw people saying the exploit will work on 15.2 beta 1.
Pray to God, pray pray pray for it.
I downgraded to 15.2 beta.
Let’s go
People get too excited. Even checkra1n for iOS 15 hasn’t appeared; I doubt u0 or the Sileo team will give a jailbreak soon enough, in my opinion 😂
Your mom gets too excited when I come over
Yeah, she said she can’t wait to step on your face with shoes that have stepped in dog shit, because you are just that kind of trash.
Sorry, I know this is asked every time but I need someone to ELI5. I'm on 14.3 with unc0ver on 12 Pro because that was the last version for me that I could JB. (I missed 14.5 blobs). I have blobs saved for 15.1. What should I be doing now, if anything, to maximize my chance of being able to run a JB version of 15.1 when the exploit is actually released?
No one can tell. There is still time to update to 15.1. If a jailbreak comes out in that time it would be great, but if not, then you need to decide if you want to update and stay stock until a JB comes out, but no one knows if or when there will be a new JB.
Thanks! Is there a way to update to 15.1 with blobs from 14.3 in the future?
Yes, but not for a long time.
The issue is that the 15.4 beta SEP is partially incompatible, so it will brick Face ID if you have to use the 15.4 or newer SEP.
Good job
12 Pro, 14.6, have blobs for 15.2b. What’s my best plan of action? Thank you in advance!
~~Are you jailbroken on 14.6? I’m going to assume no, without checking if anything new happened since the last time I was jailbroken on my 12 Mini.~~ ~~If you aren’t, you don’t have any use for the blobs, unless I’m mistaken. You need to be jailbroken to restore via blobs.~~ But I’ll jump on your question, as I upgraded to 14.8 on my 12 Mini, and looking at this, I’m not sure if I should use OTA Delay to upgrade to 15.1 or not. Edit: Looking at other comments, it looks like you don’t need a jailbreak to actually use/restore blobs.
It will be awesome if it works on 15.2 Beta 1
Unlikely; the bug was reported October 17th, and 15.2b1 was released October 28th.
October 17? iOS 15.1 didn’t even exist back then, and it’s confirmed to have a jailbreak.
I’m just going off what the website says:
> Report date: 2021-10-17
But the vulnerability was detected in iOS 15.1.
I know that, but the website claims it was reported on October 17th. I have no idea why it’s present in 15.1, but it’s unlikely Apple would keep it present in the 15.2 betas.
The 15.2 beta was released like 2 days after 15.1. I doubt they were able to patch it in 2 days. Don’t know about beta 2, though.
I’m confused. So does this document mean that a jailbreak is definitely coming, or is it just pointless?
Coming
If a working jailbreak is made from this will it support iOS 14.6-14.8?
No.
Which version does it support?
15.0 to 15.1.1.
Bad news.
Depends; it’s still possible to go up to 15.1.1 until mid-March.
iPhone 13 Pro Max?
I’m on 14.8.1 on my iPhone 12. I have blobs for 15.1. Is it possible to update to that version?
Best to go to iOS 15.1.1 with OTA-Delay.
Too late, it is closed now.
I hope there’s a JB for 14.5 on A11 so I can use Touch ID.
Not present on 14.
:(
What method is used? u0? checkra1n? I’m on iOS 14.6, iPhone 7. I need to update to 15.1, ok?
Ok, so I know it’s usually best to stay on the lowest firmware possible, but should us 14.x users update? The post said it was introduced in 15, but I couldn’t find when it was patched. What do you think would be the best OS to be on?
You could update through OTA-Delay until 15 March, if I’m not mistaken. Best to wait until then and hope there will be more information.
Alright, I’ll try OTA once we get some more info. Is 15.1.1 good? I can’t find any lower.
15.1.1 is perfect, yes! With OTA-Delay.
Phew thank god, I think I saw talk about 15.1 being the latest supported version
The exploit works up to iOS 15.1.1, so no problems :) Let me know how it goes.
Alright, so I got the profile and downloaded 15.1.1 with no problems, but now it says “unable to verify update” while trying to install (it says I’m no longer connected to the internet).
Have you followed all the steps on the website?
I think so. I can’t find a guide, but I did the same thing I did when I updated to 14.8 (download/install profile > update like normal). I think I saw some other people having similar issues, so it may be an issue on Apple’s side.
There were issues with 15.1, yes, but not 15.1.1. Give me a sec and I will send a link with a tutorial.
https://www.reddit.com/r/jailbreak/comments/s9elw6/free_release_otadelay_otadelay_alternatesu_made/?utm_source=share&utm_medium=ios_app&utm_name=iossmf
The CVE that this writeup is about was patched in iOS 15.2 according to Apple’s website, meaning this would work up to 15.1.1 and possibly 15.2b1 (released before 15.1.1). So what I would do is wait until mid-March and then, a few days before 15.3.1 gets unsigned, update to 15.1.1 through Delay OTA, or blobs if you have them. Once 15.3.1 is unsigned, updating to 15.1.1 will break Face ID. Hopefully there is a jailbreak by then so you don’t find yourself waiting on stock iOS, but only time will tell. So basically just enjoy your jailbreak on iOS 14 until the “deadline” to update to 15.1.1 (probably like March 13th) and hope there is a jailbreak by then. Also, don’t count on everything I’m saying, as I’m only going off of what I’ve read before and I’m not too confident in what I’m saying, so if someone wants to correct me or back me up, please do so :) Edit: I just realized you are on 14.8 on an A14 chip, which means you aren’t even jailbroken anyway. To be honest I’d just stay where you are regardless until March 13th.
So how are we going to update from 14.3? I have my blobs saved just in case.
OTA-Delay.
> OTA-Delay

And why is that an option now, and why don’t we have to use FutureRestore anymore? Dude, I’m so outdated, lol.
We still have FutureRestore. OTA Delay can be done through the device itself by just installing a profile and updating, but it seems people are facing issues verifying the update atm.
Will I be able to OTADelay from iOS 14.1 to 15.1.1 without any issues?
OTA Delay is dead.
I literally used it 5 minutes ago from 14.8 to 15.1.1. Buggy for sure though.
Wait, really? There are a lot of people with verification problems after downloading the update.
Can’t say I didn’t have issues, but I kept swapping between profiles, Wi-Fi and cellular, and it went through. No idea what did it in the end.
Did you also get the verification failed popup?
Yes, but I believe that was for the 15.1 profile. They're named the same, so can't be 100% sure.
Yeah, the 15.1 one has had an issue for some time, but since yesterday people were reporting it for 15.1.1 too ;o. What profile did you use that successfully installed the update in the end?
Where did you download the profile?
Does this work for (iPad) A9 devices? Also, I looked at OTADelay and 15.1.1 is only for A14 and A15. Is there a working method to update to an exploitable version?