Εδώ και μερικές ώρες η Project Zero αποκαλύπτει την τεχνική ανάλυση του Exploit,που στοχεύει στον Kernel της συσκευής μέσω του WiFi. Στη προκειμένη μιλάμε για τη "φιλική συμμετοχή" (a.k.a. iPh 7).
Ο Siguza, ο άνθρωπος πίσω απο το Phoenix JB σε συνεργασία με τον tihmstar, αναφέρει.
- Yes, this can most likely be used to jailbreak iOS <=10.3.3.
-Since the Wifi firmware that is stored on disk seems to lack any kind of signature, an untether should be possible by crafting a a custom wifi firmware image. It'll probably take quite some time to create one in that format, since that's entirely different from normal iOS binaries.
- The trickiest part is probably gonna be the first step, i.e. getting onto the Wifi chip, since that requires (availability and) access to a SoftMAC Wifi device, which by far not everyone has. Alternatively, getting root on the device itself should allow the uploading of the same crafted firmware image that would allow an untether, thus executing the attack locally (e.g. triple_fetch could be used to get root <=10.3.2).
- All of this will only work on A8 devices and newer (iPhone 6 and up), since older devices use USB rather than PCIe for Host <-> Wifi communication (so no luck for iPhone 5/5c/5s, iPad 4, iPad mini 2 and iPad Air).
- Additionally, for A8 and A9 devices a new method will have to be devised to obtain the kernel slide once on the Wifi chip, since on the iPhone 7 that is done via the KTRR control registers, which A8/A9 chips lack.
https://bugs.chromiu...tail?id=1317#c3
Τελευταία επεξεργασία από: nikosgnr, 12/10/2017 - 13:53