Dhaka Mobile 

Logo 




Go Back  

Dhaka Mobile > News Section > Tech News

Connect with Facebook
Register Unlock support Online Shop Members List Calendar Mark Forums Read

Tech News General Technology News

Reply
 
Thread Tools Display Modes
Old 05-08-17, 07:43 PM   #1
Anowar_virus
Super Moderator
 
Anowar_virus's Avatar
 
Join Date: Mar 2009
Location: D H A K A
Posts: 1,183
Status: Offline
Sonork: 100.1621245
Thanks: 2,727
Thanked 1,555 Times in 652 Posts
Rep Power: 11
Anowar_virus is on a distinguished road
Default iOS 10.3.2 Jailbreak Exploit Explained

Looking for iOS 10.3.2 jailbreak update? A new video released explains and details how Ian Beerís potential exploit for an 10.0-10.3.2 jailbreak works. Hereís everything you need to know.

We are yet to have confirmation that someone with the relevant skillset is actually working on adapting Ian Beerís exploit into a workable consumer jailbreak for iOS 10.3.2, but we are seeing more information about the underlying vulnerabilities being pushed out into the public domain. Now a new YouTube video published by Billy Ellis is not only referencing the vulnerabilities and triple_fetch toolkit released by Ian, but is also giving additional details on how exactly it works.



The first thing highlighted in the video is the fact that this particular bug, or set of bugs, has already been patched with the release of iOS 10.3.3, which Apple issued relatively recently. The published bugs by Ian are userland-based and are only compatible with iOS 10.0 through iOS 10.3.2, which means that anyone currently running iOS 10.3.3 needs to downgrade immediately if they plan on waiting for these vulnerabilities to materialize into a jailbreak in the future. As Apple is still signing iOS 10.3.2, it is actually possible to go through that downgrade process.

Apple security knowledge base has already referenced the aforementioned CVE-2017-7063 bug and attributes it to Ian of the Google Project Zero team. This reference is in relation to iOS 10.3.3 where Apple is essentially saying it has been patched, stating that the bug ďmaybe be able to execute arbitrary code with system privileges.Ē

Music to the ears of anyone involved in the world of jailbreaking, Ellis also shows off the Xcode project which comes as part of the triple_fetch toolkit, explaining that in its current form itís essentially useless to any average device owner and that it is more aimed at security researchers who want to interrogate iOS and potentially look for additional bugs.

In addition to the things mentioned above, the video by Ellis embedded below also gives fairly decent overview of running the project on an iOS device and interacting with the debugger to be able to attach to system-level processes and interrogate whatís going on in the userland. All of the information on how to do that is also included in the accompanying readme file which downloads with the project.

It must be stressed again that in its current form this really doesnít offer any advantages to an average Joe, and should really only be used by security researchers at this stage. Having said that, we have it on good authority that these vulnerabilities can be used to produce a working developer jailbreak, so letís hope that happens sooner rather than later.
  Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +7. The time now is 08:46 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2018, vBulletin Solutions, Inc.
Copyright DhakaMobile.com 2006-2016. All Rights Reserved.