Zimperium researcher released an iOS Kernel Exploit PoC
28.8.2017 securityaffairs iOS
Zimperium Researcher Adam Donenfeld released an iOS Kernel Exploit PoC that can be used to gain full control of iOS mobile devices.
Researcher Adam Donenfeld of mobile security firm Zimperium published a Proof-of-concept (PoC) for recently patched iOS vulnerabilities that can be chained to gain full control of iOS mobile devices.
The expert called the PoC exploit zIVA (Zimperium’s iOS Video Audio), it is designated to work on all 64-bit iOS devices <= 10.3.1.
The vulnerabilities discovered earlier this year are tracked as CVE-2017-6979, CVE-2017-6989, CVE-2017-6994, CVE-2017-6995, CVE-2017-6996, CVE-2017-6997, CVE-2017-6998 and CVE-2017-6999.
The exploit allows an attacker to take complete control of the kernel, chaining the vulnerabilities it is possible to jailbreak a device, it has been presented at the HITBGSEC held in Singapore on August 25th.
“Following my previous post, I’m releasing ziVA: a fully chained iOS kernel exploit that (should) work on all the iOS devices running iOS 10.3.1 or earlier. The exploit itself consists of multiple vulnerabilities that were discovered all in the same module: AppleAVEDriver.” Donenfeld wrote in a blog post.
“The issues are severe and could lead to a full device compromise. The vulnerabilities ultimately lead to an attacker with initial code execution to fully control any iOS device on the market prior to version 10.3.2.”
iOS 10.3.2, which Apple released in mid-May, addresses seven AVEVideoEncoder flaws and one IOSurface vulnerability discovered by Donenfeld. The expert speculates the flaws could affect all prior versions of the iOS operating system.
Donenfeld discovered the presence of the AppleAVE module while testing iOS kernel modules. The module was affected by flaws that could be exploited to cause a denial-of-service condition or to trigger information disclosure and privilege escalation.
The expert highlighted that the flaws can be chained to achieve arbitrary read/write and root access. The exploit developed by Donenfeld could be used to bypass all iOS security mitigations.
iOS users can protect their devices by updating them to the latest iOS version.