Wi-Fi exploit found in iOS 10.x giving hope for jailbreak

In July, Apple released iOS 10.3.3, which patched the Broadpwn exploit that allowed hackers to execute arbitrary code on the Wi-Fi chip of the iPhone, iPad and iPod touch.

Google Project Zero security researcher Gal Beniamini, who found that exploit, has just posted another one. Perhaps, with his help, a hacker will be able to develop a jailbreak for iOS 10.2.1 - 10.3.2, since it is now possible to obtain a memory dump.

Before you rejoice, study all the nuances:

  • Yes, using the exploit you can jailbreak iOS <= 10.3.3.
  • Since the Wi-Fi firmware does not carry any signature, it can be decrypted. This will take some time, as its format is completely different from that of regular iOS binaries.
  • The most difficult part will be the first step: getting into the Wi-Fi chip, because this requires access to a SoftMAC Wi-Fi device, which not everyone has. Alternatively, you can compromise the device itself and pull the firmware from it, i.e. carry out the hack locally.
  • All of this will work only on devices with an A8 processor or newer (iPhone 6 and above), so owners of the iPhone 5 / 5c / 5s, iPad 4, iPad mini 2 and iPad Air are out of luck.
  • In addition, for devices with A8 and A9 processors it will be necessary to develop a new method of gaining access to the Wi-Fi chip, since on the iPhone 7 this is done using the KTRR control registers, which are absent on A8 / A9 processors.

To develop a jailbreak for iOS 10.x, a lot of work still has to be done, so keep your expectations in check. Apple fixed the exploit in iOS 10.3.3, so a jailbreak for iOS 11 cannot be created from it.

If you are on iOS 10.3.2 or lower and are waiting for a jailbreak, do not rush to update. One of the main rules is not to upgrade to the latest version of the system, in order to keep more chances of installing a jailbreak. On the other hand, staying behind leaves you exposed to exploits that threaten your security.