iOS 10.3.1 ziVA Exploits Which Could Lead To Jailbreak Are Out
As promised, Adam Donenfeld of Zimperium has released his iOS video and audio kernel exploits into the public domain ahead of his “Ro(o)tten Apples: Vulnerability Heaven in the iOS Sandbox” presentation at this year’s Hack in the Box in Singapore.
Donenfeld and his team at Zimperium discovered the privilege escalation vulnerabilities during research into the aforementioned talk, and have published an accompanying blog post on the subject as well as pushed the ziVA kernel exploit to GitHub.
The Zimperium team found multiple vulnerabilities, all in the same AppleAVEDriver module, which put them in a position to package them together into a fully chained iOS kernel exploit. The team says it “should” work on all iOS devices running iOS 10.3.1 or earlier, so the firmware coverage is a caveat rather than a guarantee. The blog post also states that the proof-of-concept of the exploit in action has been released for educational purposes only, with all information also having been sent to Apple.
Educational purposes or not, we all know that the jailbreak community isn’t just going to sit back and let themselves purely be educated by this research and release. Min Zheng, a highly prominent figure in the community, has already pounced on the upload and confirmed that 66% of the requirements for an iOS 10.3.1 jailbreak are now in place. That in itself should be a fairly good indication that individuals with the necessary skills and expertise should hopefully be on the case, planning to put together a jailbreak for consumers as quickly as possible.
It’s been a little bit of a whirlwind ride where Donenfeld, Zimperium, and this exploit are concerned. It’s literally only been a matter of days since it first came to light that it actually existed. Various time zones, traveling, and other commitments meant that Donenfeld wasn’t able to release this as early as he would have liked, but now that it’s out in the open, it’s really time for the talented individuals in the jailbreak community to go to work to put an iOS 10.3.1 jailbreak together for everyone.
If you are interested in the technical information, you can check out the ziVA exploit on GitHub here, or the accompanying blog post from Zimperium here.