As you know, Google Project Zero hacker Ian Beer recently made public two userland exploits. One of these exploits is called triple_fetch and here’s how it works.
Table of Contents
How triple_fetch works
Hacker Ian Beer is the developer of the triple_fetch exploit. This exploit works for iOS 10.3.2 firmware and is based on the CVE-2017-7047 security vulnerability.
It is a part of the sandbox escape exploits released by Ian Beer a few days back.
At present, triple_fetch gives grants hackers the ability to tinker with userland processes such as backboardd, launchd, etc. We are still a long way away from a proper jailbreak.
Since it was patched on iOS 10.3.3, it’s safe to assume it works for iOS 10.0-10.3.2. Here’s how this exploit works.
- Send a malicious message to a service.
- The message then corrupts that service.
- The hacker now launch unsigned code or an lldb debugging server to access other processes.
Here’s a video by Youtuber Billy Ellis who explains it in great detail.
Can triple_fetch be used to develop a jailbreak?
It’s a major step towards a full-fledged jailbreak but there’s still some work to do. We can safely consider it as 25% of a jailbreak. The remaining exploits such as patching the kernel, bypassing the KPP, etc constitute the remaining 75%.
This means you should downgrade to iOS 10.3.2 by all means. The signing window of iOS 10.3.2 is still open and you will be stuck on iOS 10.3.3 should you miss it.
All users, who are on iOS 10.3.1, should stay where they are.
Do you think this will lead to a jailbreak for iOS 10.3.x? Let us know in the comments section below.
For more scene updates and releases, follow us on Facebook and Twitter.
I watched the video, and what is the point of pulling out the springboard?
Hello, Daniel. I actually don’t know the reason behind that. Maybe you should ask Billy Ellis.
I think that this is a greate start for a jailbreak, but doesn’t men anything much yet
Yes, you are right. The only thing that matters to the average user is a jailbreak. that’s it.