Trigon is a sophisticated deterministic kernel exploit targeting Apple’s iOS devices, leveraging the CVE-2023-32434 vulnerability.
This exploit, developed by Alfie CG and collaborators, introduces a groundbreaking approach to kernel exploitation by ensuring reliability and stability during and after execution.
Unlike traditional methods prone to instability, Trigon guarantees deterministic outcomes, making it a significant advancement in iOS security research.
Technical Overview
At its core, Trigon exploits an integer overflow vulnerability in the mach_make_memory_entry_64 function of Apple’s XNU kernel.
This flaw arises from unchecked additions of user-controlled size and offset parameters, allowing attackers to create oversized memory entries far exceeding physical device limitations.
By bypassing critical boundary checks, Trigon maps arbitrary physical addresses into userspace without triggering kernel panics—a rare achievement in modern exploitation techniques.
Trigon diverges from previous exploits like the kfd Smith method by avoiding physical use-after-free techniques. Instead, it utilizes a distinct code path to establish an arbitrary physical address mapping primitive.
This enables read/write access to any physical address except page tables. While this limitation initially posed challenges, researchers devised a method to identify page tables before accessing them, ultimately enabling full virtual read/write capabilities.
Currently, Trigon supports A10(X)-based devices running iOS 13–15.7.6, such as the iPhone 7 and iPad 6th Gen.
However, newer devices with arm64e architecture (A12 and above) are excluded due to hardware-enforced mitigations like Pointer Authentication Codes (PAC) and Page Protection Layer (PPL).
These protections prevent traditional object corruption and physical memory mapping exploits.
The developer aims to expand Trigon’s compatibility to include iOS 16.0–16.5 and additional chipsets, although hardware limitations may restrict feasibility.
Researchers continue exploring ways to enhance mitigation strategies against such exploits, emphasizing deeper integration of SoC-level memory management policies.
Trigon represents a leap forward in kernel exploitation by combining technical ingenuity with reliability.
It highlights critical vulnerabilities in Apple’s memory management architecture while pushing the boundaries of security research for older iOS devices.
