A new hacker has successfully run the triple_fetch exploit on his iPhone. Here’s all you need to know about it.

Table of Contents

Hacker runs triple_fetch on iPhone 7

A new hacker, Hayzam Sherif, has successfully run the triple_fetch exploit on iOS 10.3.2 firmware.

Sherif took a simple web server written in C programming language and compiled it for the iOS operating system.

Since this web server is unsigned code, he harnessed the power of triple_fetch to execute it. Normally, iOS forbids you from running unsigned code on an Apple device due to security reasons.

Normally, iOS forbids you from running unsigned code on an Apple device due to security reasons. However, with such iOS exploits, we can circumvent the security checks easily and run unauthorized code or applications.

hacker

This is exactly what a jailbreak does – it essentially replaces the web server part with a KPP bypass and then runs it to gain root access.

Here’s how you can run your own C web server on iOS 10.3.2 and below. Remember, you must have a macOS machine for this tutorial.

How to run a Web Server on your iPhone

Step 1 Clone Hayzam’s Github repository using this line in Terminal –

git clone https://github.com/hayzamjs/TripleFetch_WebServer

Step 2 Open the folder where you downloaded it.

Step 3 Run the XCode project file present in the folder.

Step 4 Ensure it runs if it doesn’t, try running it once again. it can take a few tries before you get it up and running successfully.

Step 5 Check your phone and you will have the C web server running on it.

Step 6 By tapping the “exec bundle binary” option, it will output the server on your screen as well.

Can this lead to a jailbreak?

Unfortunately, no. Hayzam’s iPhone 7 is running iOS 10.3.2 and, hence, he can’t run Adam Donenfeld’s ziVA exploit.

However, some other developer who is currently on iOS 10.3.1, 10.3, or 10.2.1 can still make use of it. If anyone achieves that, we will get root access, that is, a jailbreak for iOS 10.3.1 and below versions.