“Chaos” Exploit Allows Remote Jailbreaking Of An iPhone X – Phones Running iOS 12.1.2 Still Vulnerable

More interesting news regarding iOS jailbreak is here.

A Chinese security researcher has published notes that he says describe a proof-of-concept exploit allowing a remote attacker to jailbreak an iPhone X, giving the attacker access to the victim's data and the device's processing power, along with other unwanted actions.

The Chaos exploit

Qixun Zhao from Qihoo 360 built the exploit, which he named “Chaos”, around previously disclosed vulnerabilities in Apple's Safari web browser and iOS. Apple patched them in iOS 12.1.3.

It’s important to mention that phones running iOS 12.1.2 and earlier versions of the OS are still vulnerable to Chaos.

Threatpost notes that this “employs two security vulnerabilities that were first demonstrated at TianfuCup hacking contest last November: A memory corruption flaw in Apple’s Safari WebKit (CVE-2019-6227); and a use-after-free memory corruption issue in the iOS kernel (CVE-2019-6225).”

Installing a malicious app

The first vulnerability allows a bad actor to create a malicious webpage containing scripts that execute arbitrary code on a targeted device when the page is opened in the Safari browser.

After the code is executed, the attacker can use the second flaw to gain elevated privileges and install a malicious app.

This app can be any kind of malware built for espionage, SMS fraud, crypto mining and more.

The researcher has published a PoC video but has not released the jailbreak code, citing the potentially massive attack surface.

“I will not release the exploit code, if you want to jailbreak, you will need to complete the exploit code yourself or wait for the jailbreak community’s release,” he reportedly said in a technical write-up of the exploit.

He went on to explain: “At the same time, I will not mention the exploit details of the post exploit, as this is handled by the jailbreak community.”

You can check out the technical info in his writings.
