Adam Donenfeld, a researcher with mobile security firm Zimperium, has published today proof-of-concept code for zIVA — a kernel exploit that affects iOS 10.3.1 and previous versions.

The zIVA exploit code allows an attacker to gain arbitrary RW (Read Write) and root access.

Apple patched flaws back in May

Apple has addressed the eight vulnerabilities at the heart of this exploit package in a security patch it released in May. One affects the IOSurface kernel extension and seven others affect the AppleAVE Driver kernel extension.

Even if Apple issued security patches, they asked Donenfeld to delay the exploit code's publication to give users more time to upgrade their devices.

Explaining the reasons for his research, Donenfeld said he "tried to investigate an area of the kernel that wasn’t thoroughly researched before." His research eventually led him to AppleAVE.

"AppleAVE was written neglecting basic security fundamentals, to the extent that the vulnerabilities described below were sufficient to pwn the kernel and gain arbitrary RW and root," he said.

Exploit code available on GitHub

Donenfeld is set to give a talk on the eight vulnerabilities tomorrow at the Hack In The Box - Singapore security conference. [Update: Here's Donenfeld's talk.]

Donenfeld works for Zimperium, the same company that discovered the notorious Stagefright vulnerability in the Android OS.

Back in February 2017, Zimperium announced a program called N-Days through which the company offered to buy "used" zero-days that stopped working, and prevent their public disclosure before patches were made available.

The zIVA proof-of-concept exploit code is available for download from GitHub. The table below describes the eight vulnerabilities Donenfeld reported to Apple earlier this year.