Research Updated Aug 24, 2023

KFD apps for iOS 16.2 – iOS 16.5, and iOS 16.6 Beta 1


KFD, short for kernel file descriptor, is a new exploit by felix-pb to read and write kernel memory on Apple devices. It leverages various vulnerabilities that can be exploited to obtain dangling PTEs, which will be referred to as a PUAF primitive, short for “physical use-after-free”. Then, it reallocates certain kernel objects inside those physical pages and manipulates them directly from user space to achieve kernel read/write.

This kernel read/write primitive is now used by iOS customization and tweak developers to change the look of the Home Screen, alter hidden system settings, remove the Dock background, replace icons, modify the Control Center appearance, activate Dynamic Island on all iOS 16 devices, and more. Basically, everything that was possible with the old exploit used to create MacDirtyCow tweaks can also be achieved with the KFD exploit. However, it requires discovering special kernel offsets for each device and iOS version.

KFD exploit code is conveniently bundled within the library, libkfd, but the project also provides straightforward executable wrappers for iOS. This exploit has been made available as an open-source project under the permissive MIT license through a GitHub Repository.

KFD effectively targets two critical vulnerabilities: CVE-2023-32434 and CVE-2023-23536. It successfully compromises A12 to A16 devices (iPhone XS – iPhone 14) running iOS 16.5 and earlier versions, and iOS 16.6 Beta 1. While it might be possible to use KFD to exploit iOS 15, a more advisable approach is to utilize the MacDirtyCow exploit instead.

Note: The bugs behind KFD were patched, so the exploit will not work on iOS 16.5.1 and newer; iOS 16.6 Beta 2 also includes the fix and blocks the exploit.
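For anyone managing a fleet of iPhones, the practical question is which devices still fall inside the affected range described above. The following check is an added example, not code from the libkfd project or from this article; it encodes only the version range stated here (iOS 16.2 through 16.5 plus 16.6 Beta 1, fixed in 16.5.1 and 16.6 Beta 2, A12 through A16 chips) and treats a beta as sorting before its final release.

```python
import re
from typing import NamedTuple, Optional


class IOSVersion(NamedTuple):
    """Parsed iOS version; a beta sorts before its final release (16.6b1 < 16.6b2 < 16.6)."""
    major: int
    minor: int
    patch: int
    beta: Optional[int]  # None for a final release

    def sort_key(self):
        # Final releases get an infinite beta key so they sort after every beta build.
        return (self.major, self.minor, self.patch,
                float("inf") if self.beta is None else self.beta)


# Accepts '16.5', '16.5.1', '16.6 Beta 1', 'iOS 16.6b2' (constructed formats).
_VERSION_RE = re.compile(
    r"^\s*(?:iOS\s*)?(\d+)\.(\d+)(?:\.(\d+))?\s*(?:(?:beta|b)\s*(\d+))?\s*$",
    re.IGNORECASE)


def parse_ios_version(text: str) -> IOSVersion:
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised iOS version: {text!r}")
    major, minor, patch, beta = m.groups()
    return IOSVersion(int(major), int(minor), int(patch or 0),
                      int(beta) if beta else None)


# Affected set as stated in the article: 16.2 through 16.5 inclusive plus 16.6 Beta 1.
# 16.5.1 and 16.6 Beta 2 carry the fix, so neither falls inside the range.
KFD_FIRST_AFFECTED = parse_ios_version("16.2")
KFD_LAST_AFFECTED = parse_ios_version("16.5")
KFD_AFFECTED_BETAS = {parse_ios_version("16.6 Beta 1")}
KFD_AFFECTED_CHIPS = {"A12", "A13", "A14", "A15", "A16"}  # A12 to A16 per the article


def kfd_applicable(version_text: str, chip: str) -> bool:
    """True when the device is inside the stated KFD range and still needs the update."""
    v = parse_ios_version(version_text)
    if chip.upper() not in KFD_AFFECTED_CHIPS:
        return False
    if v in KFD_AFFECTED_BETAS:
        return True
    return KFD_FIRST_AFFECTED.sort_key() <= v.sort_key() <= KFD_LAST_AFFECTED.sort_key()
```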

Best KFD apps for iOS

KFD exploit has enabled the release of various tools for iOS 16 on A12+, all of which can be installed without the need for a jailbreak. It is important to note that the vulnerability was addressed in the subsequent releases of iOS, with iOS 16.5.1 and iOS 16.6 Beta 2 fixing the bug. As a result, none of the KFD tools will function on these or any later releases of iOS.

1. Misaka

Misaka KFD is a tweak manager for the MacDirtyCow and KFD exploits, allowing you to modify iOS without a jailbreak. It doesn't offer as many possibilities as a jailbreak does, but the things you can still modify or enable on your device are impressive. Misaka supports all devices compatible with KFD, both jailbroken and not, running A12-A16 (iPhone Xs – iPhone 14 Pro Max) on iOS 16.2 – iOS 16.5 and iOS 16.6b1. Misaka offers access to over 300 tweaks.

Misaka KFD screenshot.

2. Cluckabunga

Cluckabunga KFD is a new project from LeminLimez, the developer behind Cowabunga. This initial release of the KFD Toolbox provides essential configuration options for SpringBoard, Lock Icons and Custom Fonts, and even enables Dynamic Island on any device running iOS 16.2 and newer. Cluckabunga can enable Dynamic Island and X Gestures on iOS 16, and all SpringBoard tools from Cowabunga have been integrated into the new app.

Chicken Butt KFD screenshot.

3. KFDFontOverwrite

KFDFontOverwrite is a new application utilizing the KFD exploit for iOS to replace system fonts. Because the application is using the KFD exploit, it doesn't require a full-featured jailbreak to change iOS fonts. Furthermore, you can also import even more compatible fonts and apply them on your iOS 16 device. Everything from iPhone XS to iPhone 14 Pro Max is compatible. Also, it works on iOS 16.6b1 with iPhone Xr, iPhone 11 and 11 Pro, iPhone 14 Pro.

KFDFontOverwrite KFD screenshot.

4. Posi0nKFD

Posi0nKFD is a tweak tool for iOS, leveraging the recently unveiled KFD exploit compatible with iOS versions 16.5 and below, as well as iOS 16.6 Beta 1, and potentially reaching all modern devices from A12 to A16. Posi0nKFD lets you customize your iOS device effortlessly, offering features such as hiding the Dock and Home Bar, enabling the iPhone 14 Pro resolution, and even allowing you to use custom fonts. Furthermore, you can personalize the Control Center with custom icons and add a touch of uniqueness to your Lock Screen with custom icons as well.

Posi0nKFD KFD screenshot.

5. SimpleKFD

SimpleKFD is an app built on the KFD exploit to personalize hidden iOS settings, all without the need for a jailbreak. This application distinguishes itself by offering tweak support spanning from iOS 15 to iOS 15.7.6, and from iOS 16 to iOS 16.5, including iOS 16.6 Beta 1. Within this collection of options you'll find functions such as hiding the Home Bar and Dock, unlocking the 14 Pro Max resolution, and enabling the 14 Pro Max Dynamic Island (only on iOS 16).

SimpleKFD screenshot.

6. PureKFD

PureKFD (PurityKFD) is a new project developed by Lrdsnow, allowing users to access Picasso packages and Misaka packages and run them using the KFD exploit on supported devices. Basically, this is a simple KFD tweak manager combining Picasso and Misaka tweaks. However, the Misaka repositories are not yet supported and will be added in the near future. The core concept driving PureKFD is to offer Picasso enhancements, which in reality are readily available for free, whereas PurityKFD requires users to purchase these tweaks.

PureKFD screenshot.

7. Picasso

Picasso is a new tweak manager designed exclusively for jailed iPhones and compatible with the KFD exploit. This application is introduced as premium software, available for $5.95. It supports iOS 16.0 through iOS 16.5, and also iOS 16.6 Beta 1, on A12+ iPhones. The developers have indicated that Picasso will ultimately become available as a free release after beta tests.

Picasso KFD screenshot.

Picasso distinguishes itself with an impeccably crafted user interface, presenting a sleek and intuitive design. However, it's worth noting that there are alternative package managers available in the community that provide significantly more features and functionality at no cost.
