0:00
what's going on YouTube GS right here so
0:02
do you guys remember Ian Beer the
0:04
security researcher who made various iOS
0:06
10 jailbreaks possible by releasing
0:09
several exploits back in the day well
0:10
they are back and they posted a huge writeup
0:13
for the 2023 NSO in the wild iOS zero
0:17
click BlastDoor WebP exploit so the
0:20
Google Project Zero has been posting
0:22
this kind of writeups for a long time
0:24
they cover a lot of vulnerabilities
0:26
including iOS ones and we actually used
0:28
to use this for jailbreak purposes
0:30
quite a lot many vulnerabilities
0:31
detailed and released by Project Zero
0:33
including by Ian Beer have been used in
0:36
Yalu jailbreak and stuff like that and
0:39
this time they detailed a very important
0:41
and huge vulnerability because this one
0:43
is essentially a zero click
0:45
vulnerability you don't have to do
0:46
anything you don't have to click on
0:47
anything you will just get an iMessage
0:50
and that iMessage contains the trigger
0:51
for that whole exploit it's huge and it
0:54
was patched and it's an older
0:55
vulnerability by now but the writeup has
0:58
just been posted now yeah it really took
1:00
two years to get this posted but as you
1:02
can see here it's a huge write up
1:04
detailing every single part of the
1:06
exploit chain and everything that they
1:08
managed to analyze now previously we did
1:10
get this from the Citizen Lab back in
1:12
2023 they posted this quote NSO Group
1:15
iPhone zero-click zero-day exploit captured
1:17
in the wild they did detail what CVEs
1:20
were attributed by Apple and that an
1:22
update is now available and that you
1:24
should enable lockdown mode if you think
1:26
that you are victim of this and that the
1:28
exploit was actually used in the wild to
1:31
target somebody with government ties but
1:33
that's about it no explanation of how
1:35
the exploit worked no code nothing
1:38
however what Ian Beer posted in here
1:40
is the full write up containing all the
1:42
code all the information on how it
1:43
worked and so on and it turns out that
1:45
this is actually very similar to another
1:47
NSO exploit captured in the wild part of
1:50
the Pegasus spyware called FORCEDENTRY
1:53
they are actually quite similar and as
1:55
it turns out this essentially exploits
1:57
an issue in the WebP processing so WebP
2:00
it's an image format like JPEG or PNG
2:02
and stuff like that so if you go ahead
2:04
and read this is actually quite
2:06
interesting it's not an easy
2:07
vulnerability it's not a simple one and
2:09
it's extremely powerful even to this day
2:12
this one is really really powerful so
2:14
yeah it's nice to see Ian Beer back doing
2:16
iOS stuff even though it's for an older
2:19
iOS version this is still a massive find
2:22
and at the time this exploit was
2:23
captured in the wild it actually raised
2:25
a lot of concerns because this was
2:27
completely no click no interaction from
2:30
the user and it was found out that it
2:32
was already used against somebody so
2:34
this is NSO at work yet again with their
2:37
very complicated exploit anyway pretty
2:39
nice to see I definitely recommend you
2:41
to read this especially if you're on iOS
2:42
16.x using Cowabunga and stuff like that
2:45
this is definitely something you would
2:47
want to know
3:06
thank you for watching I'm GS
3:08
now till the next time peace out