Hey I’ve used ai on this as well. For me, (on iPhone 13, iOS 18.6.2), this causes a kernel panic, but after modification, I got a use after free crash. Is this what you’re getting? My ai also has reached the kernel cache, and ended up telling me it cannot control it further to bypass pac, as basically the kernel doesn’t allow it. I think I got the same UAF on my iPhone 17 pro running 26.2.1. However, it seems I cannot progress it further. But it does appear PAC faults it out.
Hey I’ve used ai on this as well. For me, (on iPhone 13, iOS 18.6.2), this causes a kernel panic, but after modification, I got a use after free crash. Is this what you’re getting? My ai also has reached the kernel cache, and ended up telling me it cannot control it further to bypass pac, as basically the kernel doesn’t allow it. I think I got the same UAF on my iPhone 17 pro running 26.2.1. However, it seems I cannot progress it further. But it does appear PAC faults it out.