A China-based security researcher associated with the Qihoo 360 Vulcan Team has published a proof-of-concept exploit for a kernel vulnerability, which he claims is the second stage of an exploit chain with which he was able to jailbreak an iPhone X remotely.

The researcher Qixun Zhao posted the PoC on Twitter from his Twitter handle. He also revealed that the exploit, dubbed the tfp0 exploit, can help a remote attacker jailbreak an iPhone X easily without even alerting the user. Hence, the attacker can access the targeted device's data, processing power and everything else.

In his blog post published on January 23, Zhao stated that the vulnerability, which he refers to as Chaos, can be accessed in the sandbox. Although Zhao has released the PoC, he hasn't revealed the exploit code; instead, he wrote that to jailbreak, the attacker would need to manually complete the exploit code or else "wait for the jailbreak community's release."

Zhao believes that very soon there will be a leak facilitated by his discovery, using which it will be possible to exploit iOS 12 in the sandbox. The bug has already been patched in the latest version of iOS, but Zhao claims that the problem hasn't been completely fixed since the code can be reached directly in the sandbox.

"The code that can be directly reached in the sandbox, that means the kernel developer may not be familiar with the rules for generating MIG code. This information is more important than finding the bug in the above," stated Zhao in his blog post.

Furthermore, Zhao claims that PAC mitigation couldn't put an end to jailbreak or even UaF because the latter can be used in the PAC environment.

"The exploitation of the UaF vulnerability depends greatly on the data structures of the released object, as well as how to use them, since, in the end, we have to convert to type obfuscation," explained Zhao. Therefore, the entire process of accessing tfp0 doesn't require the attacker to control the PC because a port property value in the ipc_voucher object is released.