by NotPavlovsDog 1772 days ago
for those looking for a TLDR:

- Result: run unauthorized code on iOS 14

- 14 is the most secure toy phone OS to date, with kernel heap hardening, data PAC, userspace PAC hardening, tfp0 hardening, ipc_kmsg hardening

- Exploit took advantage of multiple bugs, concentrating on PAC (Pointer Authentication Code, cryptographic signature on the pointer value, designed to resist memory disclosure attacks, for more context see [1])

- Multiple steps and dependencies, chaining vulnerabilities and exploits

- Code on https://github.com/pattern-f

I really commend Zuozhi Fan (@pattern_F_) for publishing the code with the report.

Additional resources:

[1] https://googleprojectzero.blogspot.com/2019/02/examining-poi...


Good summary.

As the owner of my device though, I would say the result is that it lets me run authorized code because I am the authority, not Apple.

By jailbreaking, I am asserting my legal authority as the owner.

But that's not the phone's defaults. Anything not approved by the monopoly is unauthorized, making the initial statement correct and the phone a toy from general computing criteria.

Sounds like a lot of work and effort involved.

Yes. There are graphics in the presentation towards the end giving an overview. I'm impressed with how much knowledge the researcher acquired in a relatively short time.