Despite the absurd amounts of time and money thatApplepours into security efforts to makeiOSone of the most secure mobile operating systems available today, it seems that even iOS 12.1, thelatest publicly-available firmware version on the iPhone and iPad, isn’t entirely hack-proof.
At the recent Pwn2Own contest in Tokyo, Richard Zhu and Amat Cama, a duo of white hathackers, reportedly harnessed the power of a powerfulSafari-based 0-day exploit to recover a photograph that was recently deleted from aniPhone X’s nativePhotosapp.
As it would seem, the hackers utilized a maliciousWi-Fiaccess point to facilitate their devious plan to exploit a just-in-time (JIT) vulnerability in the software. The hackers then took advantage of an Out-Of-Bounds write to achieve sandbox escape and escalation, empowering them to access system files that would typically be locked off.
Citing several reports, the hackers were able to access much more than just recently-deleted photos, which denotes how they likely achieved root filesystem access on the pwned handset.
The hackers were graciously rewarded a $60,000 prize for demonstrating their ability to break into Apple’siOS 12.1operating system.
Apple often pays significantly more for information concerningsecurityvulnerabilities in their software, but the Pwn2Owned contest potentially provided added benefit to the hackers by helping them earn a reputation in their field.
Immediately following the competition, Apple was notified about the security hole such that it could be patched in a futureupdateto iOS. Nevertheless, the exploit will be released after Apple officially patches it, which means it could potentially offer helpjailbreakcommunity hackers in their efforts to conceive an iOS 12.1 jailbreak.
It should be interesting to see how long it takes for Apple to patch the exploit, and more importantly, whether it will aid in jailbreak conception or not.
Are you happy to hear that iOS 12.1 is fully-exploitable? Share why or why not in the comments section below.
