0:00
what's going on YouTube GeoSn0w right here
0:02
today we're discussing a very important
0:04
new vulnerability that could definitely
0:06
be useful for jailbreak purposes
0:08
especially if you have a newer device on
0:10
iOS 18.2.1 and lower for example and you
0:13
want to jailbreak sooner than later so
0:18
2485 is actually quite a huge one this
0:22
one was actually used to attack somebody
0:24
so the hackers use this in an attack
0:27
against devices and Apple has indeed
0:30
patched it but apparently it wasn't
0:32
fully patched and it is quite powerful
0:35
there's talks about this vulnerability
0:37
being persistent so like untethered and it
0:40
could definitely be useful for jailbreak
0:42
purposes because it's very powerful
0:43
indeed now this uh report over here was
0:46
posted on Reddit cyber security a day
0:48
ago and it details the vulnerability
0:50
itself we knew about the vulnerability
0:52
because it was actually patched in iOS
0:54
18.3 or at least Apple tried to patch it
0:57
in iOS 18.3 and it isn't here in CoreMedia
1:00
so you can find it over here it
1:02
says it affects iPhone XS and newer and
1:05
a malicious application may be able to
1:07
elevate privileges and Apple is aware of
1:09
a report that this issue may have been
1:11
actively exploited now it does seem to
1:13
have been exploited and the person who
1:15
was victim of it posted this report over
1:18
here so apparently the way this
1:20
vulnerability works is by using an
1:22
exploit in iMessage which bypasses their
1:25
security feature the BlastDoor sandbox
1:27
and then it is a WebKit vulnerability
1:29
that is being triggered then of course
1:31
it gets access to Keychain and to the
1:34
device network to change it through a
1:36
rogue proxy and stuff like that so more
1:39
attacker stuff but this could
1:40
essentially be useful for jailbreak
1:42
purposes since in order to do all this
1:44
stuff it actually requires quite a
1:46
powerful vulnerability which includes a
1:48
sandbox bypass you know root privileges
1:50
and so on a couple of weeks ago back in
1:52
January we got this report here Apple
1:55
fixes actively exploited zero-day
1:57
vulnerability and it's the same
1:58
vulnerability over here and we know that
2:00
it affects newer devices so everything
2:02
newer than iPhone 10 and it actually
2:04
works up to iOS 18.3 which patches the
2:07
vulnerability however according to the
2:09
person who posted the report and
2:11
apparently is one of the victims this is
2:13
not fully patched in iOS 18.3 and it
2:16
does work even on iOS 18.3.1 to
2:19
some extent if you go ahead here in the
2:21
comments the OP said that quote I am a
2:23
victim of this attack not a researcher
2:25
the report was drafted after reverse
2:27
engineering the exploit it was sent to
2:29
Apple on January 28th Apple
2:31
unfortunately did not detect a security
2:33
issue while also issuing a patch an
2:36
incomplete one I might add the exploit
2:38
is still workable after a retesting on
2:40
iOS 18.3.1 so it seems that Apple
2:44
failed to properly patch this
2:45
vulnerability and it's quite a huge one
2:47
especially since it allows elevated
2:49
privileges on iOS and it does have the
2:52
zero click method which means that you
2:54
would get an iMessage containing an
2:56
image a malformed image and that would
2:58
be it you don't have to click it you
2:59
don't have have to open it you don't
3:00
have to do anything that would trigger
3:02
the vulnerability and that would infect
3:04
the device quite powerful and definitely
3:07
usable for jailbreak purposes although
3:08
it seems that Apple did not do a good
3:10
job patching the issue if you're interested
3:12
in jailbreaking you should go ahead here
3:14
on idevicecentral.com click on the
3:16
jailbreak tools and check out the latest
3:17
jailbreak tools available for all iOS
3:19
versions we do keep a listing here and
3:21
we update it regularly this video is
3:23
brought to you by 8kSec they provide a
3:25
course on how to find your own iOS
3:27
vulnerabilities exploit them and
3:29
understand better the iOS security thank
3:31
you for watching I am GeoSn0w peace out