iOS 10.3.2 Userland Exploit Released [Video]

Security researcher Ian Beer has released a userland exploit for iOS 10.3.2. The exploit yields the task port of any process on the iPhone apart from the kernel, which is what lets it read, write and control those processes without a kernel exploit.

---
This is an exploit for CVE-2017-7047, a logic error in libxpc which allowed malicious message senders to send xpc_data objects that were backed by shared memory. Consumers of xpc messages did not seem to expect that the backing buffers of xpc_data objects could be modified by the sender whilst being processed by the receiver.

This project exploits CVE-2017-7047 to build a proof-of-concept remote lldb debugserver stub capable of attaching to and allowing the remote debugging of all userspace processes on iOS 10.0 to 10.3.2.
---
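The bug class Beer describes is a double fetch: the receiver validates a value in memory the sender still controls, then reads it again when it uses it, so the sender can change it in between. The following C model is an added illustration of that pattern and its fix; it is not code from triple_fetch or from libxpc, and the message layout (a 4-byte length followed by payload), the buffer sizes and the `sender_hook` callback that stands in for a sender racing on another core are all constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sizes for the model (assumptions, not libxpc values). */
#define SHM_SIZE    64   /* sender-controlled shared memory backing the xpc_data */
#define MAX_PAYLOAD 16   /* what the receiver believes it can hold */
#define RACED_LEN   40   /* length the racing sender writes; fits inside the region */

/* Shared-memory region: the sender can rewrite it at any time. */
typedef struct { uint8_t bytes[SHM_SIZE]; } shm_region;

/* Receiver-side buffer: payload at offset 0, followed by a canary that
 * models whatever sits after the payload in the real heap. */
typedef struct { uint8_t mem[MAX_PAYLOAD + SHM_SIZE]; } consumer_buf;

/* Stands in for the sender racing the receiver on another core. */
typedef void (*sender_hook)(shm_region *shm);

/* Message layout in shared memory (constructed): [uint32_t len][payload...] */
void build_message(shm_region *shm, uint32_t len, uint8_t fill) {
    memset(shm->bytes, 0, sizeof shm->bytes);
    memcpy(shm->bytes, &len, sizeof len);
    memset(shm->bytes + sizeof len, fill, SHM_SIZE - sizeof len);
}

void init_buf(consumer_buf *b) {
    memset(b->mem, 0x00, MAX_PAYLOAD);
    memset(b->mem + MAX_PAYLOAD, 0xCC, SHM_SIZE);      /* canary */
}

/* True if nothing was written past the payload area. */
bool canary_intact(const consumer_buf *b) {
    for (size_t i = MAX_PAYLOAD; i < sizeof b->mem; i++)
        if (b->mem[i] != 0xCC) return false;
    return true;
}

/* Racing sender: rewrites the length after the receiver has checked it. */
void flip_length(shm_region *shm) {
    uint32_t big = RACED_LEN;
    memcpy(shm->bytes, &big, sizeof big);
}

/* Vulnerable receiver: checks the length on one fetch from shared memory,
 * then fetches it again from the same memory when copying (TOCTOU). */
int consume_vulnerable(shm_region *shm, sender_hook racer, consumer_buf *out) {
    uint32_t len;
    memcpy(&len, shm->bytes, sizeof len);            /* fetch #1: validated */
    if (len > MAX_PAYLOAD) return -1;
    if (racer) racer(shm);                           /* sender changes len here */
    memcpy(&len, shm->bytes, sizeof len);            /* fetch #2: used unchecked */
    memcpy(out->mem, shm->bytes + sizeof len, len);  /* overruns MAX_PAYLOAD */
    return (int)len;
}

/* Hardened receiver: one fetch of the whole message into private memory,
 * then validate and use only the private copy. The sender can still write
 * to shared memory, but nothing the receiver trusts is read from it again. */
int consume_hardened(shm_region *shm, sender_hook racer, consumer_buf *out) {
    uint8_t snapshot[SHM_SIZE];
    memcpy(snapshot, shm->bytes, SHM_SIZE);          /* single fetch */
    if (racer) racer(shm);                           /* too late to matter */
    uint32_t len;
    memcpy(&len, snapshot, sizeof len);
    if (len > MAX_PAYLOAD) return -1;
    memcpy(out->mem, snapshot + sizeof len, len);
    return (int)len;
}

int main(void) {
    shm_region shm;
    consumer_buf buf;

    build_message(&shm, 8, 'A'); init_buf(&buf);
    int n = consume_vulnerable(&shm, flip_length, &buf);
    printf("vulnerable: copied %d bytes, canary %s\n", n,
           canary_intact(&buf) ? "intact" : "CLOBBERED");

    build_message(&shm, 8, 'A'); init_buf(&buf);
    n = consume_hardened(&shm, flip_length, &buf);
    printf("hardened:   copied %d bytes, canary %s\n", n,
           canary_intact(&buf) ? "intact" : "CLOBBERED");
    return 0;
}
```

The racing hook is called deterministically between the two fetches so the outcome is reproducible; on real hardware the same effect needs a second thread or core hammering the shared page, which is why exploits of this class tend to need a feedback channel to know when the flip landed. The fix is structural rather than a bounds check: copy sender-controlled memory exactly once, then never touch the shared mapping again while processing that message.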

In the video below, Billy Ellis explains how to use the triple_fetch tool released by Beer.

"Currently this project only allows you to mess with userland processes such as backboardd, launchd, SpringBoard, etc. and DOES NOT provide a method of fully jailbreaking and patching the kernel and installing Cydia and other jailbroken packages onto the device."

Jonathan Levin, author of macOS and iOS Internals, recently said that the exploit can be adapted to a jailbreak. We'll let you know if that happens. If you are interested in jailbreaking, we'd advise you to downgrade to iOS 10.3.2 before the signing window closes.


Take a look at the video below!


drigo marki - August 4, 2017 at 3:34pm
Yeah, more things are needed to get a jailbreak. Gosh, the way it goes, we might get a jailbreak when iOS is version 12 or 13. If ever. It's proved that it is so hard to get a jailbreak these days due to increased security and bug bounties by security companies. So, chances for a public jailbreak are almost non-existent.
@Comment - August 4, 2017 at 3:18pm
Over 3000 views and not ONE comment??
The Dude - August 4, 2017 at 10:48pm
Because 3000 people just realized that Apple is already blocking this exploit because it's posted....