A couple of months ago, talented hobbyist and security researcher @alfiecg_dev shared a write-up on a deterministic kernel exploit called Trigon that was based on CVE-2023-32434 with a 100% success rate, but support was limited to certain older devices running older firmware. Since then, it appears that @alfiecg_dev has been busy…
In a post shared via social media platform 𝕏 Thursday afternoon, @alfiecg_dev said that his gave a talk at 0x41con about a newer version of the Trigon exploit, this time with support for A7-A9 and A11 devices. As you’ll recall from our previous post detailing the original write-up, the exploit previously didn’t support A11 devices because of a kernel panic, but it now seems that this has been resolved in the latest version of Trigon.
Along with the announcement about the 0x41con talk, @alfiecg_dev shared a video demonstration, showcasing an untethered iOS 14 jailbreak based on Trigon. One of the devices in the video appears to be an iPhone 6s (with an A9 chip), while the other is an iPhone 7 (with an A10 Fusion chip).
While the jailbreak does indeed take advantage of the updated Trigon exploit, @alfiecg_dev explains that the inner workings are a lot different than the demonstration shared a few months ago. Some of the changes include increased stability, faster response time, and cleaned up code.
As for those who are hoping to take advantage of the updated Trigon exploit at some point, @alfiecg_dev says that they plan to release the updated version for all arm64 devices in the future, but there’s no ETA for when that might happen as there’s a lot of testing and development required to get this stuff working.
Despite the fact that this isn’t for modern devices and the latest firmware combinations, it’s still an important release. The bug it’s based on, CVE-2023-32434 is the same bug that made the Kernel File Descriptor (KFD) exploit possible with puaf_smith. It’s a powerful primitive, and its 100% success rate due to being deterministic is a game changer for anyone with a compatible device in their arsenal.
