Adam Donenfeld
1,707 posts
iOS security, politics, tech and traveling. Not really on social media anymore.
🇪🇺
Joined January 2011
- 1/N Apple has finally acknowledged my kernel heap overflow and fixed it on 11.2.5 (CVE-2018-4109). While I didn't write an exploit, it's one of the most hidden vulnerabilities I've ever found, and it took me a couple of days to trigger it once I found it!
- iOS 10.3.3 is no longer signed. If you were smart, you are on 10.3.1. If you're on 11, good luck waiting till sometime in 2018.
- If someone wants to take the hassle of wrapping it into a jailbreak, I'd be happy to help. (2/2)
- Some people asked about donations. Thanks, but I'm employed. Go donate to your favorite charity organization :)
- I never said anything about jailbreak. I'm releasing an exploit (source code + instructions). (1/2)
- Apple bug submissions are also public now, and like I said in the presentation, some of them might still be working on 10.3.2 🙂
- Well, that should help get you started on the latest ones: iCrypto -f iBoot.d11.RELEASE.im4p -k 53c616cddb7c0ca65b216643d2c35f3a0b5223de14e82af376ee440973d1148e0fc4a46595b88292ee0c4adee3587298 -o iBoot.d11.RELEASE.4513.230.10
- Sure! I can do it if you provide me with a bootchain exploit.
- I'm not sure if it's a coincidence or not, but on iOS 10.3.1, my sysctl trick to bypass SMAP was "challenged". Apple switched the order of l1dcache and l1icache... so now the whole exploit is a little bit more messed up. Anyway... ZiVA runs on 10.3.1 :)
- This would mean a jailbreak from iPhone 4S till iPhone 8/X for every version forever.
  Quoted tweet: EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices. Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). github.com/axi0mX/ipwndfu
- phrack.org/papers/viewer_… I must say, this is one of the few times I feel like my work is actually reviewed based on its content and not based on the amount of money the company I represent pays :)
- Would a "new mitigations introduced in iOS 13" presentation be something that people are interested in?