All iOS 10-10.3.3 Exploits explained + Jailbreak progress so far

There are plenty of iOS 10 exploits floating around on the interwebs, yet a jailbreak still eludes us. Here’s an in-depth look at the exploits publicly available for iOS 10-10.3.3 and at the jailbreak progress so far.

iOS 10-10.3.3 exploits

Here’s a list of all iOS 10 exploits that are publicly available for developers to use.

There are other exploits as well, but I have left them out for the sake of simplicity. iOS 10-10.2 users can already use the yalu jailbreak, so exploits that only cover those versions are not listed here.

triple_fetch

triple_fetch is yet another exploit by Google Project Zero’s Ian Beer. It is compatible with all iOS 10 versions up to 10.3.2. Unlike the other entries on this list it is not a kernel exploit: it targets a bug in libxpc to get code execution inside a privileged system process, which is what makes it useful as a sandbox escape.

It is based on a race condition (the name refers to the privileged code fetching the same attacker-controlled value more than once) and has a very low success rate. The Saigon beta uses this very exploit, which goes a long way toward explaining why it fails so often.

  • Compatibility – 10-10.3.2
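The bug class behind that race is easier to see in code. The following C program is an added illustration for this article and is not Ian Beer’s triple_fetch or Apple’s libxpc: a constructed privileged “server” reads a length field from memory it shares with an untrusted client. In the vulnerable version the field is read once to validate it and again to use it, so a client that changes the value between the two reads gets past the check; the hardened version copies the field out of shared memory once and only ever uses that private copy. The racing client is modelled as a hook invoked between the two fetches, so the outcome is deterministic instead of depending on scheduler luck the way a real race does.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MSG_MAX 64   /* the most the server is prepared to copy */

/* Memory shared with an untrusted client (e.g. a mapped message buffer).
 * volatile: the server must assume it can change between any two reads. */
typedef struct {
    volatile uint32_t len;
    uint8_t data[256];
} shared_msg_t;

/* Stand-in for a racing client thread. The demo invokes it between the
 * server's fetches of len, i.e. exactly where a real race would have to win. */
typedef void (*racer_fn)(shared_msg_t *m);

/* Vulnerable: len is fetched once to validate it and fetched again to use it.
 * Returns the number of bytes copied, or -1 if the check rejected the message. */
int server_vulnerable(shared_msg_t *m, uint8_t *out, racer_fn racer)
{
    if (m->len > MSG_MAX)              /* fetch 1: validate */
        return -1;
    if (racer)
        racer(m);                      /* client wins the race here */
    uint32_t n = m->len;               /* fetch 2: trusted again, unchecked */
    memcpy(out, m->data, n);           /* copies n > MSG_MAX bytes */
    return (int)n;
}

/* Hardened: fetch len exactly once into private memory, validate that copy
 * and use only that copy. Whatever the client does to the shared field
 * afterwards is irrelevant, because the server never reads it again. */
int server_hardened(shared_msg_t *m, uint8_t *out, racer_fn racer)
{
    uint32_t n = m->len;               /* the only fetch */
    if (n > MSG_MAX)
        return -1;
    if (racer)
        racer(m);                      /* the window still exists... */
    memcpy(out, m->data, n);           /* ...but the validated copy is used */
    return (int)n;
}

/* Constructed attacker: pass the check with 16, then swap in 200. */
static void client_race(shared_msg_t *m)
{
    m->len = 200;
}

static void setup(shared_msg_t *m)
{
    m->len = 16;
    memset(m->data, 'A', sizeof m->data);
}

/* out is deliberately as large as data, so the bypass shows up as a byte
 * count rather than as memory corruption; a real server with a 64-byte
 * buffer would overflow it at this point. */
int demo_vulnerable(void)
{
    shared_msg_t m;
    uint8_t out[256];
    setup(&m);
    return server_vulnerable(&m, out, client_race);  /* 200 */
}

int demo_hardened(void)
{
    shared_msg_t m;
    uint8_t out[256];
    setup(&m);
    return server_hardened(&m, out, client_race);    /* 16 */
}

int main(void)
{
    printf("vulnerable server copied %d bytes (limit %d)\n", demo_vulnerable(), MSG_MAX);
    printf("hardened server copied %d bytes (limit %d)\n", demo_hardened(), MSG_MAX);
    return 0;
}
```

The hook also shows why a real exploit of this class is unreliable: the attacker’s write has to land in the narrow window between the two fetches, and nothing forces the scheduler to cooperate. The fix is the same in production code as here: copy any header that lives in attacker-reachable memory into a local before validating a single field of it.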

ziVA

ziVA is a kernel exploit based on vulnerabilities in Apple’s AVE (video encoder) media driver. It was developed by Adam Donenfeld of Zimperium’s zLabs.

It is used in the older version of Saigon and does not work on iOS 10.3.2 or 10.3.3, where the bugs it relies on are patched.

  • Compatibility – 10-10.3.1

v0rtex

v0rtex is an iOS 10 exploit for a mach port use-after-free in the IOSurface kernel driver, the same bug that Ian Beer’s async_wake exploits on iOS 11. It was developed by security researcher Siguza.

This is the most powerful exploit available for this firmware range and it works on every iOS 10 version. The iOS 10.3.3 jailbreaks currently in development are built on it.

For the uninitiated, v0rtex has already been used in Saigon (the iOS 10.2.1 jailbreak) to make it more stable.

  • Compatibility – 10-10.3.3
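What a port use-after-free buys an attacker is easier to see with a toy. The following C program is an added illustration for this article, not Siguza’s v0rtex and not the XNU allocator: a fixed-slot “zone” stands in for the kernel heap so that reallocation is deterministic, and a constructed driver remembers a pointer to a port object its user registers. On the error path the buggy driver releases a reference the caller still owns (the general shape of the real bug, where a port reference is dropped one time too many), so when the user later drops its own reference the object is freed while the driver’s pointer still points at the slot. An attacker who then allocates a same-sized object gets that slot back and controls every field the driver subsequently reads through its stale pointer. The fixed version simply does not release what it never took.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy zone allocator: fixed-size slots, freed slots handed out again LIFO,
 * which is what makes the reuse below deterministic. */
#define SLOTS   4
#define SLOT_SZ 32

static uint64_t zone[SLOTS][SLOT_SZ / 8];   /* uint64_t keeps every slot aligned */
static int freelist[SLOTS];
static int nfree;

void zone_init(void)
{
    nfree = 0;
    for (int i = SLOTS - 1; i >= 0; i--)     /* slot 0 is handed out first */
        freelist[nfree++] = i;
}

void *zone_alloc(void)
{
    if (nfree == 0)
        return NULL;
    void *p = zone[freelist[--nfree]];
    memset(p, 0, SLOT_SZ);
    return p;
}

void zone_free(void *p)
{
    ptrdiff_t idx = ((uint8_t *)p - (uint8_t *)zone) / SLOT_SZ;
    freelist[nfree++] = (int)idx;
}

/* A refcounted "port" object living in the zone. */
typedef struct {
    uint32_t refs;
    uint32_t receiver;                        /* who receives messages sent here */
    uint8_t  pad[SLOT_SZ - 8];
} port_t;

void port_retain(port_t *p)  { p->refs++; }
void port_release(port_t *p) { if (--p->refs == 0) zone_free(p); }

/* A driver that remembers one notification port. */
typedef struct { port_t *notify; } driver_t;

/* Register a notify port. Returns 0 on success, -1 if one is already set.
 * buggy != 0 reproduces the flaw: the error path releases the caller's
 * reference even though this function never took one. */
int driver_set_notify(driver_t *d, port_t *p, int buggy)
{
    if (d->notify != NULL) {
        if (buggy)
            port_release(p);                  /* one release too many */
        return -1;
    }
    port_retain(p);                           /* the driver now owns a reference */
    d->notify = p;
    return 0;
}

/* Walk through the bug (buggy = 1) or the fix (buggy = 0) and return what
 * the driver reads through d->notify afterwards. */
uint32_t scenario(int buggy)
{
    zone_init();
    driver_t d = { NULL };

    port_t *p = zone_alloc();                 /* slot 0 */
    p->refs = 1;                              /* the user's own reference */
    p->receiver = 1;                          /* legitimate receiver */

    driver_set_notify(&d, p, buggy);          /* refs = 2 */
    driver_set_notify(&d, p, buggy);          /* error path: buggy -> refs = 1 */
    port_release(p);                          /* user is done: buggy -> 0, freed */

    /* Attacker sprays a same-sized object with controlled contents. In the
     * buggy case it lands in slot 0, right underneath d.notify. */
    uint8_t *fake = zone_alloc();
    memset(fake, 0x41, SLOT_SZ);

    return d.notify->receiver;                /* buggy: 0x41414141, fixed: 1 */
}

int main(void)
{
    printf("buggy driver reads receiver = 0x%08x\n", scenario(1));
    printf("fixed driver reads receiver = 0x%08x\n", scenario(0));
    return 0;
}
```

In the real kernel the freed object is an ipc_port and the spray places a fake port underneath the dangling pointer, which is how this kind of bug is turned into a kernel task port (tfp0) and from there into kernel read/write. The fix mirrors the real one too: every retain is balanced by exactly one release, and no code path releases a reference it did not take.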

AMFI patch

AMFI patch is the latest addition to the iOS 10.3.3 toolkit and is developed by PsychoTea. Strictly speaking it is not an exploit but a post-exploitation patch: it needs the kernel read/write that v0rtex provides and uses it to disable code-signing enforcement by AMFI (Apple Mobile File Integrity), so that unsigned binaries can run. It is a backport of the iOS 11 code-signing bypass and is what currently makes SSH access possible.

  • Compatibility – 10.3.3

iOS 11 exploits for iOS 10

Several exploits and patches from iOS 11 can be made to work on iOS 10 with the appropriate modifications, because the underlying bugs and mechanisms are present in both versions.

The v0rtex exploit is the iOS 10 counterpart of Ian Beer’s async_wake; both exploit the same IOSurface bug. Likewise, the iOS 10 code-signing bypass is a backport from iOS 11.

You can expect even more developments soon once Cydia Substrate gets an update in the future.

Jailbreak progress so far

Who is working on an iOS 10.3.3 jailbreak?

Despite what people think, Siguza is not working on an iOS 10.3.3 jailbreak. His work (so far) is limited to writing the v0rtex exploit for iOS 10, but that could change in the future.

A lesser-known developer who goes by the name PsychoTea is currently working on a jailbreak for iOS 10.3.3 and below. So far he has achieved the following on iOS 10:

  • Kernel read/write access
  • Read/write permissions for the root filesystem
  • SSH access
  • AMFI patch (Codesigning bypass)

Here’s a screenshot of SSH access on iOS 10.3.3 firmware.

SSH access on iOS 10.3.3

This is comparable to where iOS 11 firmware stands today, so iOS 10 is not too far behind.

German hacker Tihmstar is also working on an iOS 10.3.3 jailbreak. However, that tool will be limited to 32-bit devices. He recently showed off his iPhone 5 running Cydia, so a release looks imminent.

What’s remaining?

According to the developer, what remains is the per-device kernel offsets and patches. He will add more offsets over time to support all 64-bit devices.

Apart from that, we also need a Cydia Substrate update, which is something only Saurik can do.

As of now, the Xcode project is publicly available but unfinished. You can run it on your device by manually filling in the correct offsets for it.

As always, I would recommend waiting so as to not mess up your device.

Solid progress is being made on the iOS 10 jailbreak front and you can be assured that a jailbreak will drop very soon. Are you still sitting tight on iOS 10.3.3 or below?

For more jailbreak scene updates, give us a thumbs up on Twitter and Facebook.
