iOS 10.x.x Broadpwn Exploit Released; A Ray of Hope for iOS 10.x Jailbreak? - iPhoneHeat

With the release of iOS 10.3.3 back in July, Apple patched the exploit called Broadpwn to stop hackers from executing arbitrary code on the Wi-Fi chip of the iPad, iPhone, and iPod Touch. Hence, there has been no jailbreak since then.

A security researcher named Gal Beniamini, who works at Google Project Zero, was credited by Apple with discovering the Broadpwn exploit. He has now released the security exploit to the public. This release has sparked speculation that hackers can use this exploit to develop a jailbreak for iOS 10.2.1 – iOS 10.3.2. A Reddit user points out that with this exploit, a hacker can get kernel memory access.

The Reddit user has summarized the exploit very well. Check it out:

Yes, this can most likely be used to jailbreak iOS <=10.3.3. Since the Wifi firmware that is stored on disk seems to lack any kind of signature, an untether should be possible by crafting a custom wifi firmware image. It’ll probably take quite some time to create one in that format since that’s entirely different from normal iOS binaries. The trickiest part is probably gonna be the first step, i.e. getting onto the Wifi chip, since that requires (availability and) access to a SoftMAC Wifi device, which by far not everyone has. Alternatively, getting root on the device itself should allow the uploading of the same crafted firmware image that would allow an untether, thus executing the attack locally (e.g. triple_fetch could be used to get root <=10.3.2). All of this will only work on A8 devices and newer (iPhone 6 and up), since older devices use USB rather than PCIe for Host <-> Wifi communication (so no luck for iPhone 5/5c/5s, iPad 4, iPad mini 2 and iPad Air).
Additionally, for A8 and A9 devices a new method will have to be devised to obtain the kernel slide once on the Wifi chip, since on the iPhone 7 that is done via the KTRR control registers, which A8/A9 chips lack.

As is evident from the Reddit user’s post, there is still a long way to go to come up with a working jailbreak for iOS 10.x.x. So, do not put your hopes too high for this one because it is not going to happen anytime soon (if it ever does). Since Apple has fixed this exploit in iOS 10.3.3, if any hacker comes up with a jailbreak based off this exploit, it won’t support iOS 11 firmware.

If you have been waiting for a jailbreak and are still rocking iOS 10.3.2 or older firmware, you may want to hold off upgrading. It is one of the golden rules of jailbreaking that you stay away from the latest software updates in an effort to increase your chances of getting a jailbreak. The only downside of staying on older firmware is that you’re exposed to security exploits such as the one discussed here, and others which have been fixed in newer versions.

Are you one of those still waiting for a jailbreak tool or do you believe that jailbreaking is as good as dead? Share your views in the comments section below.
