Min “Spark” Zheng, a senior security engineer at Alibaba, claims 33% of an iOS 10.3.x jailbreak has already been achieved. Let’s find out how much weight his claim holds.
Zheng analyzes triple_fetch exploit
Min Zheng has posted an in-depth analysis of Ian Beer’s triple_fetch exploit for iOS 10.0-10.3.2. Here’s what the Chinese hacker tweeted.
About 33% for JB.
— Min(Spark) Zheng (@SparkZheng) August 11, 2017
For the uninitiated, Zheng is an eminent security researcher and hacker. He currently works for Alibaba. He has also worked with internet giants like Tencent and Baidu.
In his analysis, Zheng worked with the triple_fetch NSXPC security vulnerability and then introduced a function that performs a stack pivot attack.
This attack enables arbitrary code execution through ROP (Return Oriented Programming).
Tencent KeenLab member Liang Chen has also analyzed this exploit in the past. However, his analysis was extremely complex and perplexing.
What else is required for a 10.3.2 jailbreak?
As you already know, Ian Beer’s exploits are not capable of exploiting the kernel. We still require one or two more powerful security vulnerabilities in XNU or IOKit.
The hacker also explains that Apple has already patched the KPP bypass technique used by yalu102. This certainly means there’s still a lot of work to be done.
Although Zheng has never released anything, he is well respected within the jailbreak community. Therefore, any tweet or information that comes from him is highly reliable.
Apple has already stopped signing iOS 10.3.2 and yet a jailbreak is nowhere to be found. Hopefully, a fully working jailbreak tool will be released soon for iOS 10.3.x.
When do you think iOS 10.3.2 will become free from Apple’s shackles? Let us know in the comments below.