Security researcher Ian Beer has released a userland exploit for iOS 10.3.2. The exploit allows you to obtain the task port of any process on the iPhone except the kernel.
---
This is an exploit for CVE-2017-7047, a logic error in libxpc which allowed malicious message senders to send xpc_data objects that were backed by shared memory. Consumers of xpc messages did not seem to expect that the backing buffers of xpc_data objects could be modified by the sender whilst being processed by the receiver.
This project exploits CVE-2017-7047 to build a proof-of-concept remote lldb debug server stub capable of attaching to and allowing the remote debugging of all userspace processes on iOS 10.0 to 10.3.2.
---
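The README's point above is a time-of-check/time-of-use race on memory the sender still controls. The following C program, added here as an illustration and not code from Beer's triple_fetch project or from libxpc, models that bug class with a constructed length-prefixed payload in a shared buffer: a consumer that fetches the length twice (validating the first copy, trusting the second) against one that snapshots the message into private memory before parsing. The sender_write and sender_tamper functions are hypothetical stand-ins for a sender racing the receiver.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an xpc_data payload backed by sender-owned shared
 * memory: a 4-byte little-endian length followed by that many bytes. */
#define SHARED_SIZE 256
static uint8_t shared_buf[SHARED_SIZE];

/* Hypothetical sender: writes a payload, and can rewrite the length field
 * while the receiver is still processing the message. */
void sender_write(uint32_t len, uint8_t fill) {
    memcpy(shared_buf, &len, 4);
    memset(shared_buf + 4, fill, len);
}
void sender_tamper(uint32_t new_len) { memcpy(shared_buf, &new_len, 4); }

/* Vulnerable consumer: fetches the length twice from shared memory. The bound
 * check uses the first fetch, the copy uses the second. Returns bytes copied. */
size_t consume_double_fetch(uint8_t *out, size_t out_cap) {
    uint32_t len;
    memcpy(&len, shared_buf, 4);              /* fetch 1: validated */
    if (len > out_cap || len > SHARED_SIZE - 4) return 0;
    sender_tamper(0x80);                      /* simulated race window */
    memcpy(&len, shared_buf, 4);              /* fetch 2: trusted, never checked */
    memcpy(out, shared_buf + 4, len);         /* copies more than out_cap allows */
    return len;
}

/* Hardened consumer: copy the shared buffer into private memory exactly once,
 * then parse only the private copy. Later sender writes cannot affect it. */
size_t consume_snapshot(uint8_t *out, size_t out_cap) {
    uint8_t priv[SHARED_SIZE];
    memcpy(priv, shared_buf, SHARED_SIZE);    /* single fetch */
    uint32_t len;
    memcpy(&len, priv, 4);
    if (len > out_cap || len > SHARED_SIZE - 4) return 0;
    sender_tamper(0x80);                      /* same race window, no effect */
    memcpy(out, priv + 4, len);
    return len;
}

/* Scratch destination sized so the demo's over-copy stays within real memory;
 * the logical slot handed to the consumers is only 32 bytes. */
static uint8_t scratch[SHARED_SIZE];
size_t demo_vulnerable(void) { sender_write(16, 0xAA); return consume_double_fetch(scratch, 32); }
size_t demo_hardened(void)   { sender_write(16, 0xAA); return consume_snapshot(scratch, 32); }

int main(void) {
    size_t v = demo_vulnerable(), h = demo_hardened();
    printf("double-fetch copied %zu bytes into a 32-byte slot; snapshot copied %zu\n", v, h);
    return 0;
}
```

The snapshot costs one extra copy per message, which is the price of never reading sender-writable memory more than once.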
In the video below, Billy Ellis explains how to use the triple_fetch tool released by Beer.
"Currently this project only allows you to mess with user land processes such as backboardd, launchd, SpringBoard, etc., and DOES NOT provide a method of fully jailbreaking & patching the kernel and installing Cydia and other jailbroken packages onto the device."
Jonathan Levin, author of macOS and iOS Internals, recently said that the exploit can be adapted to a jailbreak. We'll let you know if that happens. If you are interested in jailbreaking, we'd advise you downgrade to iOS 10.3.2 before the signing window closes.
Please follow iClarified on Twitter, Facebook, or RSS for updates.
Take a look at the video below!