Zimperium Researcher Adam Donenfeld released an iOS Kernel Exploit PoC that can be used to gain full control of iOS mobile devices.
Researcher Adam Donenfeld of mobile security firm Zimperium published a proof-of-concept (PoC) exploit for recently patched iOS vulnerabilities that can be chained to gain full control of iOS mobile devices.
The expert called the PoC exploit ziVA (Zimperium’s iOS Video Audio); it is designed to work on all 64-bit iOS devices running iOS 10.3.1 or earlier.
The vulnerabilities discovered earlier this year are tracked as CVE-2017-6979, CVE-2017-6989, CVE-2017-6994, CVE-2017-6995, CVE-2017-6996, CVE-2017-6997, CVE-2017-6998 and CVE-2017-6999.
The exploit allows an attacker to take complete control of the kernel; by chaining the vulnerabilities it is possible to jailbreak a device. The exploit was presented at HITBGSEC, held in Singapore on August 25th.
“Following my previous post, I’m releasing ziVA: a fully chained iOS kernel exploit that (should) work on all the iOS devices running iOS 10.3.1 or earlier. The exploit itself consists of multiple vulnerabilities that were discovered all in the same module: AppleAVEDriver,” Donenfeld wrote in a blog post.
“The issues are severe and could lead to a full device compromise. The vulnerabilities ultimately lead to an attacker with initial code execution to fully control any iOS device on the market prior to version 10.3.2.”
iOS 10.3.2, which Apple released in mid-May, addresses seven AVEVideoEncoder flaws and one IOSurface vulnerability discovered by Donenfeld. The expert speculates that the flaws could affect all prior versions of the iOS operating system.
Donenfeld discovered the AppleAVE module while testing iOS kernel modules. The module was affected by flaws that could be exploited to cause a denial-of-service condition, to trigger information disclosure, or to escalate privileges.
The expert highlighted that the flaws can be chained to achieve arbitrary kernel read/write and root access. The exploit developed by Donenfeld could be used to bypass all iOS security mitigations.
iOS users can protect their devices by updating them to the latest iOS version.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and of the Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field; he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US.
Pierluigi is a member of "The Hacker News" team and a writer for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines.
He is the author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".