Zishun Zhao, a specialist with Qihoo 360's Vulcan Team, has disclosed details of vulnerabilities in Apple's Safari browser and in iOS that allow an attacker to compromise an iPhone X running iOS 12.1.2 and earlier. To compromise the device, the attacker only needs to get its owner to open a malicious page in Safari.
The proof-of-concept code the researcher published, called Chaos, exploits two vulnerabilities that the Qihoo 360 team first demonstrated at the TianfuCup competition in November of last year: a memory corruption vulnerability (CVE-2019-6227) in Apple Safari's WebKit and a use-after-free vulnerability (CVE-2019-6225) in the iOS kernel.
As the video demonstrating the exploit shows, the first vulnerability lets an attacker create a page that, when opened in Safari, runs a script to execute malicious code on the target device. The second bug is then used to escalate privileges and install a malicious application.
The researcher decided not to publish the jailbreak code so as not to put iPhone and iPad users in danger.
Last week, security researchers Min Zheng and Bai Sialang reported a vulnerability in the kernel of iOS 12.1.2 that allows an attacker to compromise the next-generation iPhones released in 2018.
Recall that in early January, Zerodium, a company that specializes in selling exploits for vulnerabilities in various platforms, increased its payout for iOS exploits to $2 million.
A jailbreak is an operation that gives access to the file system of a number of Apple devices, including the iPad, iPhone and iPod Touch. It extends the device's standard capabilities: in addition to file system access, the user gains, for example, the ability to install apps from outside the App Store or to change themes.