0:00
What's going on, YouTube? GeoSn0w right here
0:02
today with great news for those of you
0:03
with iOS 18.2 and newer on newer devices.
0:07
If you're interested in customizing your
0:08
device through jailbreaking or otherwise,
0:10
I do have some good news for you: CVE-2025-
0:14
24104 has finally received a writeup, and
0:17
it appears that it's not actually fully
0:19
patched. This developer posted this quote:
0:21
"New writeup: CVE-2025-24104. Apple's bug
0:26
allowed arbitrary file reads outside the
0:28
sandbox. While iOS 18.3 added mitigation,
0:31
it doesn't fully fix the issue. I even
0:32
bypassed it since my recommended fix
0:34
wasn't followed." And they did post a
0:36
GitHub page over here containing just a
0:39
README. It goes in depth about the
0:40
vulnerability itself, where it is, when it
0:43
was found, and of course the general
0:44
timeline of when it was patched. Now,
0:46
supposedly it was patched in iOS 18.3
0:48
beta 1, and if you go ahead here on the
0:50
security content of iOS 18.3 and you
0:53
search for the vulnerability, it is in
0:55
fact in here, and Apple says that
0:56
"restoring a maliciously crafted backup
0:58
file may lead to modification of
1:00
protected system files." Now, you may find
1:03
this very useful because of Misaka X,
1:05
which allows you to enable tweaks on iOS
1:08
without being jailbroken, and also Nugget,
1:10
which allows you to enable even more
1:12
tweaks on iOS without being jailbroken,
1:14
tweaks like Dynamic Island on your
1:15
device, um, you know, iPhone X gestures on
1:18
the iPhone SE, change the device model
1:20
name, enable boot chime, charge limit,
1:22
Collision SOS, Stage Manager, you know,
1:24
disable various daemons and whatever.
1:26
There are a lot of things that you could
1:28
do with Nugget, and it doesn't even require
1:30
a jailbreak, and it's not even detected
1:32
by jailbreak detection in apps. So this
1:34
was amazing, and this kind of
1:36
vulnerability can definitely be used for
1:38
that, because with this you could
1:39
potentially extract the MobileGestalt
1:41
file, which was important for both of
1:44
these tools, because you would load that
1:45
file into Misaka or Nugget and it would
1:48
modify that file that you would then
1:50
restore back, and it will allow you to
1:52
have those customizations. So they have
1:54
this kind of vulnerability still not
1:56
patched properly; it's actually great, and
1:58
according to the developer they already
2:00
managed to defeat Apple's fix from iOS
2:02
18.3, which could potentially lead to a
2:05
proper tool being released yet again
2:08
that would support even iOS 18.3, maybe
2:10
even iOS 18.3.1 and 18.4. It depends
2:14
when or whether the developer does
2:16
actually, uh, report this new bypass to
2:18
Apple. So this is great, and it would
2:21
allow newer tools like Misaka X or even
2:24
Nugget to be updated if paired with
2:26
other vulnerabilities. So definitely stay
2:28
in touch; we're going to make a video on
2:30
updates if this gets used or if it gets
2:32
released. But it's nice to see that Apple
2:34
is still failing to patch properly those
2:36
vulnerabilities, just like what they did
2:38
with TrollStore. This video was brought
2:39
to you by 8kSec. They provide a great
2:42
offensive iOS internals course where you
2:43
can learn how to build your own iOS
2:46
jailbreaks, find your own iOS vulnerabilities,
2:48
and even exploit them. So if you want to
2:49
learn about the iOS kernel, how to find
2:52
those vulnerabilities, how to do proper
2:53
reverse engineering on iOS binaries, both
2:56
on apps and system binaries, definitely
2:58
check out their course below. It's packed
3:00
with a lot of information, so if you want
3:01
to learn how to do all this stuff by
3:03
yourself, there is nothing that can stop
3:05
you with this course. Check it out in the
3:06
link below. Thank you for watching, I am
3:08
GeoSn0w. Till the next time, subscribe to
3:10
stay updated, and peace out.