iOS 14.3 Kernel LPE Exploit Released, May Lead to Jailbreak
A new iOS 14.3 kernel local privilege escalation exploit that works on ALL devices has been released by ModernPwner.
The exploit, dubbed ‘cicuta_virosa’, was announced on Twitter:
cicuta_virosa uses best practices for iOS exploitation and should work without problems on all devices iOS 12.0 – 14.3 (and 14.3 RC). See “Current status” section for some additional information.
Just in case – “All devices” means even A14 devices.
The exploit can be download from this GitHub page. According to the readme, it needs a lot of cleanup and more stable primitives that don’t rely on memory reallocation. Currently, it takes more than two minutes to execute due to difficulty in bypassing one sanity check; however, that should be fixed soon. Reliability is described as ‘amazing’ on A13 and A10 devices.
Notably, the readme also gives CoolStar permission to use and modify the exploit for Odyssey. CoolStar has already addressed the exploit saying:
Should things work out with the exploit, expect Chimera14 (SSH only) first. Followed by Odyssey14 after (libhooker and tweaks)
14 presents it’s own new challenges that I’ll have to look at 🙂
Unfortunately, Apple has stopped signing iOS 14.3. So if you haven’t upgraded already, you may want to hold off. Please download the iClarified app or follow iClarified on Twitter, Facebook, YouTube, and RSS for updates.