Developers Use Ian Beer's Write-up for MacDirtyCow-Like Tweaks on Newer Firmware

In a development that has rippled through the iPhone and iPad hacking community, Google Project Zero security researcher Ian Beer has published a write-up of a kernel bug, CVE-2025-24203, which the community has nicknamed dirtyZero or mdc0. Exploiting it allows certain system customizations similar to those made possible by the MacDirtyCow exploit (CVE-2022-46689) on firmware that has not yet been patched. The nicknames hint at the main limitation: where MacDirtyCow could write arbitrary bytes into protected files, this bug only lets an app zero bytes out, so tweaks are limited to what can be achieved by blanking parts of a file.

Apple's 'About the Security Content of iPadOS 17.7.6' support page describes the issue as one where an app may be able to modify protected parts of the file system. Apps that exploit it can therefore deliver a subset of the tweaks that would otherwise require a jailbreak, without actually jailbreaking the device.

Apple fixed the bug in iOS and iPadOS 18.4 and in iPadOS 17.7.6, so the exploit does not work on 17.7.6 or later, nor on 18.4 or later. Developers have nevertheless begun building on it to create system customization tools for iOS and iPadOS 16.0-16.7.10, 17.0-17.7.5, and 18.0-18.3.2, no jailbreak required. Because the exploit alters file contents in memory rather than on disk, the changes do not survive a reboot and have to be reapplied.
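As an added example (not code from the article or from either project), here is a small Python check that decides whether a reported iOS or iPadOS version still falls inside the ranges the tools advertise support for. The ranges are the ones listed above; the point of the code is that version strings must be compared numerically, component by component, since a plain string comparison ranks "16.7.9" above "16.7.10" and would misclassify devices.

```python
"""Decide whether an iOS/iPadOS version is still exposed to CVE-2025-24203.

Added example, not code from the article or from the MDC0/dirtyZero
projects. The ranges below are the ones the tools advertise support for;
the upper bounds are the last builds before Apple's fixes in iPadOS 17.7.6
and iOS/iPadOS 18.4.
"""
from __future__ import annotations

# Inclusive (lowest, highest) version ranges on which the exploit works.
VULNERABLE_RANGES = [
    ("16.0", "16.7.10"),
    ("17.0", "17.7.5"),
    ("18.0", "18.3.2"),
]


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '17.7.5' into (17, 7, 5); reject anything that is not dotted digits."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def _normalize(v: tuple[int, ...], width: int = 3) -> tuple[int, ...]:
    """Right-pad with zeros so '18.0' and '18.0.0' compare as equal."""
    return v + (0,) * (width - len(v))


def is_vulnerable(version: str) -> bool:
    """True if the version lies inside one of the unpatched ranges."""
    v = _normalize(parse_version(version))
    for low, high in VULNERABLE_RANGES:
        if _normalize(parse_version(low)) <= v <= _normalize(parse_version(high)):
            return True
    return False


def triage(versions: list[str]) -> dict[str, bool]:
    """Map each reported version to its exposure verdict."""
    return {v: is_vulnerable(v) for v in versions}


if __name__ == "__main__":
    # Constructed sample of device versions, as an MDM export might report them.
    sample = ["16.7.10", "17.7.5", "17.7.6", "18.3.2", "18.4", "15.8", "18.0"]
    for version, exposed in triage(sample).items():
        print(f"{version:>8}: {'exposed' if exposed else 'patched or out of range'}")
```

Feed it the OS version column from a device inventory and anything flagged as exposed can run these tools (or any other app using the same bug) until it is updated past 17.7.5 or 18.3.2.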

MDC0: Unlocking Device Customizations

MDC0, developed by iOS developer Huy Nguyen (@Little_34306), is one of the tools that uses the CVE-2025-24203 exploit to unlock device customizations that would typically require a jailbreak. According to the project's GitHub page, MDC0 offers the following:

1. **Window Management**: Running multiple apps in separate windows works on the latest iOS and iPadOS versions and does not use the exploit at all.

2. **App Customization**: The remaining features rely on the exploit and therefore only work on the unpatched firmware versions listed above.

3. **Respring Utility**: A separate respring utility is needed to apply the changes made with MDC0.

Perma-Signing and Sideload Options

The MDC0 app can be perma-signed on devices running TrollStore, or sideloaded on other devices with utilities such as AltStore Classic or Sideloadly. It is available for free from the project's GitHub page.

dirtyZero: An Alternative Device Customization Toolbox

Another customization toolbox built on the same exploit is dirtyZero, developed by iOS developer @skadz108. It offers some of the same options as MDC0 with a slightly different user interface and fewer features. According to the project's GitHub page, dirtyZero offers the following:

1. **App Customization**: Lets users customize their app experience on the unpatched firmware versions listed above.

2. **Window Management**: Not as extensive as MDC0's window management, but dirtyZero still offers some window management functionality.

3. **Respring Utility**: A separate respring utility is needed to apply the changes made with dirtyZero.

Perma-Signing and Sideload Options

The dirtyZero app can be perma-signed on devices running TrollStore, or sideloaded on other devices with utilities such as AltStore Classic or Sideloadly. It is available for free from the project's GitHub page.

Conclusion

MDC0 and dirtyZero are two tools that use the CVE-2025-24203 exploit to offer system customization on iOS and iPadOS devices without a jailbreak, on firmware up to 16.7.10, 17.7.5, and 18.3.2. Both apps are updated frequently with new features, and MDC0 currently supports more of them out of the box.

If you are considering the hacks and add-ons this exploit makes possible, we want to hear from you! Do you plan to use any of them, or are you already jailbroken? Share your thoughts in the comments section below!