Great news for those who stayed on iOS 10.x: Google Project 0 has done it again. They have managed to get remote kernel code execution by exploiting the firmware of the WiFi chip.
According to hacker @siguza, this can most likely be used in a jailbreak for iOS 10.3.3 and lower, and maybe even for an UNTETHER, because the firmware of this chip is not signed in any way.
This is a nice breakthrough: it is the first exploit compatible with iOS 10.3.3. Both the ziVA and triple_fetch exploits are nice and useful, but they were patched in iOS 10.3.3; this one isn't, so it is really the first glimmer of hope for 10.3.3 users on 64-bit.
However, like many other good things, this one has limits. According to @siguza, this would only work on A8 chips and later, meaning iPhone 6 or newer, as these use a PCIe host; anything older uses USB, so it is not compatible.
Funny thing: on the #iPhone 7, Gal used the very KTRR (Kernel Text Read Only Region), which is supposed to protect the kernel, to break KASLR (Kernel Address Space Layout Randomization), which is an exploit mitigation. LMAO!
This is indeed good news, especially since I see the first glimmer of hope for an untether on 64-bit in a very long time!
I have to give a HUGE shoutout to Project 0 for their findings and their research!
▽ Resources ▽
▶ Project Zero's Writeup
▶ Siguza's thoughts on this
▶ Great News For JAILBREAK: Xerub Released a KPPless Extra Recipe Branch
▶ NEW Saigon Jailbreak
▶ iOS 10.3.3 / iOS 11 JAILBREAK UPDATE & STATUS (OCTOBER WEEK 1)
▶ Great News For JAILBREAK: Apple Open-Sourced The iOS Kernel