by sweetjuly
1256 days ago
I think one of the big unstated challenges (but implied by the reference to needing a bootloader exploit) is that KTRR/CTRR [1] prevents new executable kernel code from being introduced after the device boots, even if the kernel is fully compromised. This is a hardware feature and is not one that has (publicly) been bypassed in recent memory. In other words, without a bootloader exploit it is not possible to map the macOS kernel on an iOS device.

[1] https://blog.siguza.net/KTRR/