iOS 12 Jailbreak Proof of Concept Published - Chinese Security Researcher

by Jerome

A Chinese security researcher has revealed the technical details to critical vulnerabilities in Apple Safari web browser and iOS that allows a remote attacker to jailbreak and compromise an iPhoneX running iOS 12.1.12 and before versions.

The trick? The attacker only needs to trick the iPhoneX user into opening a custom crafted web page using Safari!

As shown in the video, a flaw in Safari allows an attacker to use a well crafted malicious web content to execute arbitrary code on the victim device, and subsequently privilege access through a second vulnerability, and finally installing an application.

Fortunately, the researcher has chosen not to publish the exploit code in an attempt to prevent malicious attacks against Apple users. It is highly recommended for iPhone users to install the latest iOS update as soon as possible in light of this discovery.

Source: http://blogs.360.cn/post/IPC Voucher UaF Remote Jailbreak Stage 2 (EN).html