0:00
what's going on youtube gsm right here
0:02
so in today's video i have some good
0:03
news but also some bad news in terms of
0:05
jailbreaking coming from google project
0:07
zero they have released a brand new
0:09
vulnerability a complete write up in
0:11
fact ian beer has released it ian beer has been
0:13
known in the past to release important
0:15
vulnerabilities for jailbreak community
0:17
and they are working for google project
0:19
zero but this time the one that has been
0:21
released is actually quite puzzling
0:23
because this one is indeed a zero click
0:25
imessage exploit which has been used in
0:28
the wild against various people so just
0:30
a couple of hours ago ian beer of google
0:32
project zero posted this quote today
0:34
we're publishing a detailed technical
0:36
write-up of this vulnerability here i'm
0:37
not going to pronounce it because it's
0:38
going to demonetize the video the
0:40
zero-click imessage exploit linked by
0:43
lab to the exploitation of journalists
0:45
activists and dissidents around the
0:46
world so this is basically an imessage
0:49
zero click attack this means that the
0:51
victim wouldn't have to click on any
0:52
links or tap on anything or open
0:55
anything it would work directly by
0:56
sending them a message which makes it
0:58
even more powerful now of course once
1:01
this has been released by google project
1:03
zero a lot of people ask me can we use
1:04
this for jailbreak purposes well it's
1:06
very likely that we can that's not the
1:08
problem it's basically an imessage
1:10
exploit so i don't exactly see a
1:12
jailbreak being made via imessage but it
1:15
could be done in some remote setting
1:17
probably the problem is the
1:18
vulnerability itself is actually quite
1:20
powerful even more powerful than a
1:22
jailbreak would actually need this one
1:24
is a zero click which means that you
1:25
wouldn't even know you've been targeted
1:27
you would just receive something like
1:29
this a strange message which many scam
1:31
messages look like this nowadays and of
1:33
course this is actually a huge massive
1:36
attack surface that has been discovered
1:38
here and detailed by google project zero
1:41
initially by nso if you remember the nso
1:44
pegasus thing it's basically that thing
1:46
all over again it's nso again back at it
1:49
with another vulnerability this one is
1:51
called like this and of course it has
1:53
been used against people before so in
1:55
terms of jailbreaking yes we probably
1:57
can use this for jailbreak purposes for
1:59
taurine or uncover if they decide to go
2:01
imessage powered like for example to
2:04
start a jailbreak via an imessage
2:06
payload that would possibly be doable
2:08
but i wouldn't see it very practical
2:10
because who sends the message in the
2:11
first place how do you activate it in
2:13
the first place how do you send the
2:14
payload do you send it to yourself or
2:16
what it would be a little bit weird to
2:18
implement but the vulnerability is there
2:20
and it's actually powerful enough that
2:22
it has been used to exfiltrate files
2:24
from people's devices into the
2:26
attacker's server so that's actually
2:28
quite bad now the reason i'm making this
2:29
video is at first for jailbreak purposes
2:31
this is a huge vulnerability very
2:33
important for jailbreak purposes if it
2:35
gets used although not very practical
2:37
because as i said it's imessage powered
2:39
but at the same time to inform you about
2:41
a huge security issue in imessage now
2:44
it's probable that this is not going to
2:46
affect you directly because as you can
2:47
see the people who are targeted are
2:49
journalists activists dissidents and so
2:51
on around the world you the average joe
2:54
will probably not be targeted with
2:55
something like this but if you fear that
2:57
there is a risk and you hear that you
2:58
are in a position where you might be
3:00
targeted this has been patched in 14.8
3:03
so yeah if you're running 14.7 14.6
3:06
14.5.1 in here you are indeed vulnerable
3:10
14.8 is the first ios version to patch
3:12
this and of course the ios 15 after that
3:15
does indeed patch it do i recommend you
3:17
to update if you're on a lower version
3:19
just to mitigate this well it all
3:20
depends on you you know what kind of
3:22
risk you have what kind of person you
3:24
are if you're a public figure if you're
3:26
not if you're popular if you're not can
3:28
you stumble across it from like a scam
3:30
message or something like that yeah the
3:32
chance is there but it's unknown how big
3:34
it is if you're not an influencer or a
3:36
journalist or something like that
3:38
definitely powerful and while it can be
3:40
used for jailbreak purposes it does
3:42
bring important security issues to the
3:43
table as well if you want to learn more
3:45
about how they pulled it off you can
3:46
definitely check out the blog by google
3:48
project zero absolutely detailed
3:50
blogging here by ian beer and their team
3:52
and they explain exactly how it works
3:54
and it's actually quite complicated a
3:56
lot more complicated than i would like
3:58
to get into in this video it's a lot of
4:00
technical stuff it's long but it's
4:02
definitely interesting to see in terms
4:04
of jailbreaking while it might be usable
4:06
the vulnerability might be usable we
4:08
don't know for sure right now it's
4:10
probably very impractical to use because
4:12
it's via imessage it's not via safari so
4:15
i don't really see uncover or taurine
4:17
being updated to work with that but the
4:18
vulnerability itself probably is
4:20
powerful enough to create a jailbreak if
4:22
they really wanted to so yeah that's
4:23
basically it if you want to stay safe
4:25
you can update past 14.8 but do know
4:28
that you are diminishing your
4:29
jailbreaking chances if you go past ios
4:31
14.8 so thank you for watching ings now
4:34
till next time subscribe to stay updated