@has000oon
I don't really look at what is going on in the jailbreak community, so I don't know if this is the first public kernel read/write exploit for iOS 16. If it is, then it could be useful but it's only the first piece of the puzzle! (PAC and PPL bypasses are not included)
@Little_34306
I tested the second exploit (Smith) on the very first public and developer betas of iOS 17 and it worked. I don't know in which beta it was fixed.
@dedbeddedbed
Yeah, that's because 16.1.2 isn't in the list of versions I tested. You might want to try removing `assert_false("unsupported osversion");` in the function info_init() in info.h, and replacing it with `kfd->info.env.vid = 0;` instead. If you're lucky, the offsets will be the same!
@dedbeddedbed
In that case, the offsets are not the same! If you're not comfortable retrieving them from the XNU source code, you will have to wait for other people to offer pull requests which add support for the other versions that can be supported!
@Little_34306
If you trigger the assertion on line 93 in smith.h, then it has been fixed already. If you get a kernel panic, then it's a good sign but you'll need to adjust some offsets!
@AppleUpdatei @tihmstar @i41nbeer @NedWilliamson @LinusHenze
Yes, but with a bit of work. You will need to find certain offsets in the XNU source code (easy). And if you want to support the "better kernel read/write primitive" through the fake perfmon device, you will need to find a few static addresses from the kernelcache (tedious).