Finally, Israeli security researcher Adam Donenfeld has released the highly anticipated kernel exploit. Here’s all you need to know about it.
Adam releases iOS Kernel Exploit for iOS 10.3.1
Adam Donenfeld, a Zimperium Labs hacker, has recently made public ziVA, a powerful iOS kernel exploit. It compromises the kernel and gives the attacker arbitrary kernel read/write along with root access.
This exploit is compatible with all iOS 10 versions up to and including iOS 10.3.1. It also supports every iOS 10-compatible device, including the iPhone 7 and iPhone 7 Plus.
Since the exploit was released after Apple stopped signing iOS 10.3.1, the underlying vulnerabilities will remain unpatched on that version forever.
While this is great news, not many people are still running iOS 10.3.1 at present.
How ziVA works
ziVA targets AppleAVE, a lesser-known kernel module that ignores basic security practices.
Here’s a simplified explanation of this complicated exploit.
- The exploit revolves around the creation of an “IOSurface object” in memory.
- Because certain functions are poorly implemented, the object is not destroyed when it should be.
- As a result, it stays in memory longer than necessary.
- While the stale object is still present, an attacker can manipulate it and eventually gain kernel-level access.
- Because it lingers in memory, this can lead to a complete device compromise.
Just like other jailbreak tools, you need the proper offsets for your iOS device before you can test it out. Apple has already closed the underlying security vulnerabilities in the iOS 10.3.2 update.
Adam will also be sending this exploit to Apple so they can take note of it.
Frequently Asked Questions
Q. Is ziVA an actual Jailbreak?
A. No, this is not a working jailbreak but a major step towards an actual jailbreak that will install Cydia on your device.
Q. Is it compatible with iOS 10.3.2?
A. Since Adam disclosed these vulnerabilities to Apple, they have been patched in the iOS 10.3.2 update. ziVA only supports iOS versions up to and including 10.3.1.
Q. When will we get an iOS 10.3.1 jailbreak?
A. An iOS 10.3.1 jailbreak is contingent on a developer packaging this exploit into a jailbreak. As of yet, no developer from the jailbreak community has started its development.
Q. Do we need a sandbox escape for a working jailbreak?
A. Yes, a sandbox escape exploit is still needed. Thankfully, Project Zero hacker Ian Beer has already released his triple_fetch exploit, which works up to iOS 10.3.2.
Q. Is a KPP/AMCC bypass required?
A. No, ziVA exploits a very powerful security vulnerability at the kernel level. This means no separate bypass of Apple’s hardware protection mechanisms (KPP/AMCC) is required.