Latest working exploit code for iOS, dubbed zIVA has now been released by Adam Donenfeld followed by a demo in Hack in the Box conference, which can be exploited in all iOS devices running versions 10.3.1 and below.
This exploit was made by combining 8 previously exposed vulnerabilities of which 7 of them are in in AppleAVEDriver.kext and one in the iOSurface kernel extension which could lead to privilage escalation, DOS, as well as access to various sensor data and even take full control over the device.
Complete documentation of this exploit has also been published and is available for download. Click Here.
This exploit is a chain of 8 known vulnerabilities and this could lead to Privilage escalation, DOS, Information Disclosure, as well as access to various sensor data and even take full control over the device. An attacker could exploit this vulnerability by installing a crafted application on the affected system. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges on the system. This may also allows attackers to bypass privacy settings for contacts, look up location search histories, access system file metadata, obtain a user’s name and media library, consume disk storage space (in such a manner that uninstalling the app won’t recover it), block access to system resources, and allow apps to share information with each other without permission.
How to Prevent
This can be exploited in a iOS version less than 10.3.1. iOS have already patched up the code and updates are available. All iOS users must update their system ASAP.