Just like its predecessor, the A12 Bionic chip ups the ante on security and exploit research. It comes with new features that are set to make jailbreak development harder than ever before.
APRR is an advanced version of KTRR, the hardware-based KPP found in the iPhone X and older devices. At the time of writing it is present in Apple’s latest smartphone models, the iPhone XS, XS Max and XR.
KPP and KTRR perform checks that protect the kernel from modification and attack, and APRR takes this a step further: it deals with protected instructions and is activated as soon as the processor powers on.
According to Ben Sparkes, this mechanism is currently used specifically for AMFID.
The hacker also says that not much is known about this new feature yet, since little research has been done on it so far.
Initially, it was believed that Apple had deployed it over the entire userland. Had that been true, an iOS 12 jailbreak would have needed an APRR bypass on top of the tfp0 patch and a root filesystem remount.
Furthermore, it would have rendered KPPless-based jailbreak tools useless on the iPhone 7 and newer models.
Other security features in A12 devices
APRR is not the only security mechanism present in A12 devices. Security researcher Jonathan Levin claims that ARM’s Pointer Authentication Codes (PAC) will also pose more problems for exploiters.
CoreTrust now only accepts code signatures that carry a CMS blob (the certificate blob) with a chain that leads to Apple.
This restriction effectively puts an end to the sign commands of jtool, Levin’s reverse engineering utility. Researchers will now have to sign their bin pack with a paid developer certificate instead.
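As an added illustration of the CMS requirement (example code written for this post, not Levin’s tooling or Apple’s code): it parses the embedded code-signature SuperBlob layout from Apple’s cs_blobs.h and reports whether a non-empty CMS wrapper is present, the blob an ad-hoc signature lacks. The two SuperBlobs are constructed in memory; checking that the certificate chain actually leads to Apple would require parsing the PKCS#7 payload and is not done here.

```python
import struct

# Magic numbers and slot types from Apple's cs_blobs.h (all fields big-endian).
CSMAGIC_EMBEDDED_SIGNATURE = 0xFADE0CC0
CSMAGIC_CODEDIRECTORY = 0xFADE0C02
CSMAGIC_BLOBWRAPPER = 0xFADE0B01   # wrapper around the CMS (PKCS#7) signature
CSSLOT_CODEDIRECTORY = 0
CSSLOT_SIGNATURESLOT = 0x10000

def parse_superblob(data: bytes) -> dict:
    """Map slot type -> (blob magic, blob payload) for each blob in the SuperBlob."""
    magic, length, count = struct.unpack_from(">III", data, 0)
    if magic != CSMAGIC_EMBEDDED_SIGNATURE or length > len(data):
        raise ValueError("not an embedded-signature SuperBlob")
    slots = {}
    for i in range(count):
        slot_type, offset = struct.unpack_from(">II", data, 12 + 8 * i)
        blob_magic, blob_len = struct.unpack_from(">II", data, offset)
        if blob_len < 8 or offset + blob_len > length:   # refuse truncated blobs
            raise ValueError("blob for slot %#x overruns the SuperBlob" % slot_type)
        slots[slot_type] = (blob_magic, data[offset + 8:offset + blob_len])
    return slots

def has_cms_signature(data: bytes) -> bool:
    """True only if a CodeDirectory and a non-empty CMS wrapper are both present.
    Ad-hoc signatures have no signature slot or an empty wrapper and so fail."""
    slots = parse_superblob(data)
    if CSSLOT_CODEDIRECTORY not in slots:
        return False
    magic, payload = slots.get(CSSLOT_SIGNATURESLOT, (None, b""))
    return magic == CSMAGIC_BLOBWRAPPER and len(payload) > 0

def build_superblob(blobs) -> bytes:
    """Assemble a SuperBlob from (slot_type, magic, payload) tuples (test input only)."""
    index, body, offset = b"", b"", 12 + 8 * len(blobs)
    for slot_type, magic, payload in blobs:
        index += struct.pack(">II", slot_type, offset)
        body += struct.pack(">II", magic, 8 + len(payload)) + payload
        offset += 8 + len(payload)
    return struct.pack(">III", CSMAGIC_EMBEDDED_SIGNATURE, offset, len(blobs)) + index + body

# Constructed samples: a dummy CodeDirectory payload and a dummy CMS payload.
FAKE_CD = b"\x00" * 44
ADHOC_SIG = build_superblob([(CSSLOT_CODEDIRECTORY, CSMAGIC_CODEDIRECTORY, FAKE_CD),
                            (CSSLOT_SIGNATURESLOT, CSMAGIC_BLOBWRAPPER, b"")])
CMS_SIG = build_superblob([(CSSLOT_CODEDIRECTORY, CSMAGIC_CODEDIRECTORY, FAKE_CD),
                          (CSSLOT_SIGNATURESLOT, CSMAGIC_BLOBWRAPPER, b"\x30\x82\x01\x00")])
```

On a real binary, the SuperBlob is the region pointed to by the Mach-O LC_CODE_SIGNATURE load command; pass those bytes to has_cms_signature.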
There’s some good news, though. Both of these security mechanisms are hardware-based and only affect A12 devices.
That means older devices such as the iPhone X, iPhone 8 Plus, iPhone 8 and below remain open to attackers and jailbreak developers.