Security Researcher to Release iPhone Kernel Exploit for iOS 10.3.1, Could Lead to Jailbreak

Security Researcher to Release iPhone Kernel Exploit for iOS 10.3.1, Could Lead to Jailbreak

Posted by · 15922 views · Translate
Security researcher Adam Donenfeld has announced the upcoming release of a kernel exploit for iOS 10.3.1. The vulnerabilities used have already been fixed in iOS 10.3.2 but the exploit could lead to a jailbreak for iOS 10.3.1 (10.2 as well).

Apple fixed 8 kernel privilege escalation bugs I sent them. A privilege escalation exploit is already written. It will be released during conferences’ season in the summer. You may want to save SHSH blobs :)

Responding to jailbreak speculation Donenfeld tweets, "I never said anything about jailbreak. I'm releasing an exploit (source code + instructions). If someone wants to take the hassle of wrapping it into a jailbreak I’d be happy to help."

Here's the description of Donenfeld's presentation for HITB GSEC:

---
Attackers have been lurking around iOS in the hope of achieving a full attack-chain to the device. Following Apple’s introduction of self-signed applications, the attack surface for containerized applications on iOS is pretty constant. Apple is doing a good job in improving its security, from narrowing down the attack surface to introducing new mitigations, both from a software and a hardware perspective. As a side effect of these efforts, most of the attack surface that is not accessible by a containerized application is often ignored.

With this in mind, we decided to examine code that is not accessible by default to the common containerized app, but to any other process - regardless of its security context. We were surprised to see that what is not accessible from the initial code execution context needs much more attention. During our research, we found multiple privilege escalation vulnerabilities affecting all iOS devices in the market.

In this presentation, we will review the privilege escalation vulnerabilities, as well as demonstrate and present a detailed exploitation that is crafted from chaining all these vulnerabilities together, eventually leading to the execution of arbitrary kernel code and to bypassing all of the security mitigations currently available on iOS devices.
---

Please follow iClarified on Twitter, Facebook, Google+, or RSS for news of further developments.

Read More


Security Researcher to Release iPhone Kernel Exploit for iOS 10.3.1, Could Lead to Jailbreak

Security Researcher to Release iPhone Kernel Exploit for iOS 10.3.1, Could Lead to Jailbreak
Chip - May 21, 2017 at 4:22pm
Looks like Apple is making it harder for hackers to come out with a jailbreak. This is taking longer and longer once a year and a long wait time. This is not fun anymore.
Piggy - May 21, 2017 at 11:38am
Just heard from a reliable source quote "No jailbreak for 10.3.1 for at least till December 2017"
Piggy - May 22, 2017 at 5:40pm
Piggy fed up with promised jailbreak that never materialized...Shame shame for leading us on
pleas eno - May 20, 2017 at 10:05pm
if you release this i will make my first ever contribution and i have followed since the 3g or 3gs had those last product digits you had to have to jailbreak in week 44/45 or earlier any one member those days where a jailbreak took about 45mins to fully setup lol
D4xM4Nx - May 20, 2017 at 10:15am
Oh man! I only wish that the exploit came to light before the 'extraoficial' iOS 10.3.1 window.
3 More Comments
Recent