A Chinese cybersecurity researcher has today revealed technical details of critical vulnerabilities in Apple Safari web browser and iOS that could allow a remote attacker to jailbreak and compromise victims’ iPhoneX running iOS 12.1.2 and before versions.
To do so, all an attacker needs to do is trick iPhoneX users into opening a specially crafted web page using Safari browser, that’s it.
However, finding flaws and creating a working exploit to carry out such attacks is not as easy as it may sound for every iOS hacker.
Discovered by security researcher Qixun Zhao of Qihoo 360’s Vulcan Team, the exploit takes advantage of two security vulnerabilities that were first demonstrated at TianfuCup hacking contest held in November last year and then was later responsibly reported to the Apple security team.
According to the researcher, the remote Jailbreak exploit is a combination of two vulnerabilities, i.e., a type confusion memory corruption flaw (CVE-2019-6227) in Apple’s Safari WebKit and a use-after-free memory corruption issue (CVE-2019-6225) in iOS Kernel.
As shown in the video demonstration of the Chaos iPhone X jailbreak exploit, the Safari flaw allowed maliciously crafted web content to execute arbitrary code on the targeted device, which then used the second bug to elevate privileges and install a malicious application silently.
However, the researcher has chosen not to publish the code for iOS jailbreak in an attempt to prevent malicious attacks against Apple users and hopes that the jailbreak community would use this information to soon come up with a suitable jailbreak exploit for users.
“I will not release the exploit code, if you want to jailbreak, you will need to complete the exploit code yourself or wait for the jailbreak community’s release. At the same time, I will not mention the exploit details of the post exploit, as this is handled by the jailbreak community,” Zhao said.
At this moment, based upon the remote nature of this attack and wide threat surface, it is highly recommended for iPhone users to install the latest iOS update as soon as possible, rather waiting for a jailbreak.