0:00
what's going on youtube gs9 here so in
0:02
today's video we're going to quickly
0:04
discuss about a brand new vulnerability
0:07
that will be released for ios in the
0:09
near future and that might be usable for
0:11
a jailbreak before we get into that this
0:13
video is brought to you by whatsapper
0:15
which is an application that allows you
0:16
to transfer your whatsapp and all its
0:18
conversations and attachments from your
0:20
android to iphone so if you've got an
0:22
android device and you want to switch
0:24
over to a brand new iphone then this is
0:26
the perfect application to transfer
0:28
what's up between android and iphone
0:30
with no problem you can find it in
0:32
google play and of course they also have
0:34
a computer application that can do the
0:36
same thing but with a computer so
0:38
definitely check it out if you want to
0:40
transfer your whatsapp stuff so the
0:41
vulnerability i'm talking about is this
0:44
peterpen0927 here on twitter they
0:46
announced it a couple of days back and i
0:48
actually reached out to this developer
0:50
by dms and i asked them if they're going
0:52
to release this and what this is and
0:55
they indeed have confirmed to me that
0:56
this vulnerability was patched in ios 15
0:59
beta which means that it was patched in
1:01
these versions here but it would work
1:05
14.7 14.6 14.5.1 14.5 and 14.4 in its
1:10
subversions so it might be usable for
1:12
uncover or taurine or even the project
1:15
manticore or manticore jailbreak here so
1:17
that's actually pretty interesting now
1:19
here on twitter they didn't give a lot
1:20
of information they said quote my bug
1:23
patched in ios 15 beta tips xc new ipc
1:27
inspired by this person here and they
1:29
posted this photo basically showing ios
1:33
on iphone 12.1 and of course they show
1:36
crash log and stuff like that so they
1:37
did successfully run this on ios
1:40
14.7.1 which is currently the latest
1:42
version confirming in fact that it was
1:45
indeed patched on 15 because it works on
1:48
now a lot of people have indeed sent me
1:51
this and asked me what this is because
1:53
of course this person seems to be a
1:54
security researcher at alibaba security
1:57
pandora lab which means that they are
1:59
indeed legitimate it's not a fake
2:00
account or anything like that they do
2:02
work for a real security company and
2:04
they did find a real bug well while i
2:07
talked to them on dms they told me that
2:09
the bug is a type confusion and it might
2:12
be reachable from the sandbox or it may
2:14
not be but they believe it is and they
2:16
also said that they will provide a poc
2:18
or proof of concept and the information
2:20
about how this works in the future so
2:23
they are indeed planning to release this
2:25
at some point they give absolutely no
2:27
date when they're going to do that or
2:29
whether they 100 percent will do that
2:32
but they did not say they will never
2:33
release it so that's a good start now
2:36
being a type confusion is hard to know
2:38
how important it will be for jailbreak
2:40
purposes without seeing it without
2:42
seeing the proof of concept and without
2:44
seeing whether this is indeed reachable
2:46
from the sandbox it is indeed pretty
2:47
hard to say what this will be usable for
2:50
but if it does turn out to be useful we
2:52
might be able to use it for uncover we
2:54
might be able to use it for taurine and
2:55
even for project manticore which is
2:57
currently in development but waits a
2:59
proper kernel exploit in order to be
3:01
updated for 14.7 14.7 14.7.1 14.6 and so
3:05
on yes i know for the people waiting for
3:08
jailbreak on this versions the situation
3:10
has been pretty dry in the past couple
3:12
of months i do see that there have been
3:14
a lot of exploits and vulnerabilities
3:16
announced but not a lot of them released
3:18
that's the way it is it's unfortunate we
3:21
gotta wait there's not much we can do
3:23
other than just getting an android
3:24
device but why would you do that so i
3:26
guess at this point we just have to be
3:28
patient a lot of our abilities were
3:30
indeed announced they will probably be
3:32
released at some point but yeah the
3:34
situation is indeed dry so we just have
3:37
to wait it out thank you for watching i
3:39
am geosnow thank you for your patience
