Security Researcher to Release iPhone Kernel Exploit for iOS 10.3.1, Could Lead to Jailbreak

Posted May 19, 2017 at 7:42pm by iClarified
Security researcher Adam Donenfeld has announced the upcoming release of a kernel exploit for iOS 10.3.1. The vulnerabilities it relies on have already been patched in iOS 10.3.2, but the exploit could form the basis of a jailbreak for iOS 10.3.1 (and for 10.2 as well).

Donenfeld tweeted: "Apple fixed 8 kernel privilege escalation bugs I sent them. A privilege escalation exploit is already written. It will be released during conference season in the summer. You may want to save SHSH blobs :)"

Responding to jailbreak speculation, Donenfeld tweeted, "I never said anything about jailbreak. I'm releasing an exploit (source code + instructions). If someone wants to take the hassle of wrapping it into a jailbreak I’d be happy to help."


Here's the description of Donenfeld's presentation for HITB GSEC:

---
Attackers have been lurking around iOS in the hope of achieving a full attack-chain to the device. Following Apple’s introduction of self-signed applications, the attack surface for containerized applications on iOS is pretty constant. Apple is doing a good job in improving its security, from narrowing down the attack surface to introducing new mitigations, both from a software and a hardware perspective. As a side effect of these efforts, most of the attack surface that is not accessible by a containerized application is often ignored.

With this in mind, we decided to examine code that is not accessible by default to the common containerized app, but to any other process - regardless of its security context. We were surprised to see that what is not accessible from the initial code execution context needs much more attention. During our research, we found multiple privilege escalation vulnerabilities affecting all iOS devices in the market.

In this presentation, we will review the privilege escalation vulnerabilities, as well as demonstrate and present a detailed exploitation that is crafted from chaining all these vulnerabilities together, eventually leading to the execution of arbitrary kernel code and to bypassing all of the security mitigations currently available on iOS devices.
---

Comments (8)
Chip - May 21, 2017 at 4:22pm
Looks like Apple is making it harder for hackers to come out with a jailbreak. This is taking longer and longer once a year and a long wait time. This is not fun anymore.
Piggy - May 21, 2017 at 11:38am
Just heard from a reliable source quote "No jailbreak for 10.3.1 for at least till December 2017"
Piggy - May 22, 2017 at 5:40pm
Piggy is fed up with the promised jailbreak that never materialized... Shame, shame for leading us on.
pleas eno - May 20, 2017 at 10:05pm
If you release this I will make my first ever contribution. I have followed since the 3G or 3GS had those last product digits you had to have to jailbreak in week 44/45 or earlier. Anyone remember those days when a jailbreak took about 45 mins to fully set up? lol
D4xM4Nx - May 20, 2017 at 10:15am
Oh man! I only wish that the exploit had come to light before the 'extraofficial' iOS 10.3.1 window.
asd - May 20, 2017 at 3:06am
Who thought Chinese Pangu would release!! f china
Kid Danger - May 19, 2017 at 11:18pm
Still possible to save SHSH for 10.3.1??
odedoo1 - May 19, 2017 at 7:54pm
Wow, just made it in time; two hours ago I upgraded both my iPhone 6S and 7 Plus, and my iPad. Apple will close the door as soon as possible now for sure. Good thing I also saved my SHSH2 on all devices. I truly love the new folder system; the changes are amazing. iOS 10.3.1 reminds me of iOS 6, it runs so smoothly and fast.