PoC for Remote iOS 12 Jailbreak On iPhone X released


A Chinese security researcher published the technical details of many vulnerabilities in Apple Safari web browser and iOS which permits a remote hacker to jailbreak and compromise victims’ iPhoneX running iOS 12.1.2 and earlier versions.

In order to do this, the hacker has to mislead the users to open a specifically crafted web page using Safari browser.

The exploit dubbed as “chaos”make use of two security vulnerabilities which was demonstrated initially at TianfuCup hacking contest held in November last year following reporting it to the Apple.

The researcher, Qixun Zhao of Qihoo 360’s Vulcan Team released proof-of-concept video demonstration of the exploit after Apple released their iOS version 12.1.3 to patch the issues.

The researcher states that the remote Jailbreak exploit is a blend of two vulnerabilities, which are a type confusion memory corruption flaw (CVE-2019-6227) in Apple’s Safari WebKit and a use-after-free memory corruption issue (CVE-2019-6225) in iOS Kernel.

Take a look at the video demonstration of the Chaos iPhone X jailbreak exploit

The Safari flaw permitted maliciously crafted web content to execute arbitrary code on the targeted device, and then used the second bug to elevate privileges and install a malicious application silently.

The code for iOS jailbreak has not been published to prevent any attack against Apple users and the researcher believes that the jailbreak community would use this information to find a suitable jailbreak exploit for users.

It is advised that the iPhone users must install the latest iOS update at the earliest rather than opting for a jailbreak.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    Google fined $57 million by France for GDPR Violation

    Previous article

    New ransomware tricks users to download it

    Next article

    You may also like


    Leave a reply

    Your email address will not be published. Required fields are marked *