0:00
what's going on YouTube gios right here
0:01
so in today's video we have some great
0:03
news coming from Ian Beer of Google
0:05
Project Zero and this is great news
0:07
about jailbreaking and a Safari
0:09
vulnerability going to get into that in
0:11
a second this video is brought to you by
0:12
AnyUnlock a software that allows to
0:14
unlock the screen passcode by passing
0:15
remove SIM lock definitely check the
0:17
program out in the link below so a
0:19
couple of days ago Ian Beer of Google
0:21
Project Zero posted this quote earlier
0:23
this year Amnesty Tech and Clem 1 from
0:25
Google TAG found an in the wild iPhone
0:28
zero day full chain today I'm publishing
0:30
my analysis of the Safari sandbox Escape
0:32
component the first in the wild sample
0:34
to break into the new Safari GPU process
0:37
so they posted a very long and detailed
0:39
write-up here on the Google Project Zero
0:41
blog this is the official blog and this
0:43
contains a lot of information about this
0:45
particular vulnerability is the
0:46
vulnerability cve 2023
0:49
3249 and this vulnerability says in here
0:51
impact a remote attacker may be able to
0:53
break out of web content sandbox and
0:55
Apple is aware that this was used in the
0:57
wild now to explain a little bit more
0:59
about what this is this is part of a
1:01
bigger chain of exploitation that was
1:03
detected this year back in April the
1:05
attackers were actually chaining
1:06
multiple vulnerabilities together and
1:08
they were actually able to infect
1:10
various iPhones by just sending
1:11
malicious links to the people and this
1:14
web content Safari vulnerability played
1:16
an important role because this one
1:18
provided a Sandbox Escape directly from
1:20
Safari so this created a vector for
1:22
infecting those devices now in itself
1:25
the whole payload containing everything
1:27
with all the exploits is probably very
1:29
dangerous and it's a good thing that it
1:30
was patched and that Apple took the
1:33
responsibility of releasing a patch very
1:35
fast so Apple did try to harden Safari
1:37
and WebKit quite a lot in the past
1:39
couple of years because a lot of
1:40
jailbreaks did use that as a vector to
1:43
install the jailbreak or a lot of Safari
1:45
based jailbreaks in the past and they
1:47
try to fix that because it's not only
1:48
about the jailbreaks it's also about the
1:50
vulnerabilities and threats to various
1:52
people as you could see from here this
1:54
wasn't a jailbreak this was a targeted
1:56
attack that used those vulnerabilities
1:58
however we can use these for our
1:59
purposes for our benign jailbreak
2:02
purposes because the information about
2:03
this WebKit vulnerability is now fully
2:05
available on Google Project Zero's blog
2:07
including coding here and all the
2:09
explanations about how this works by now
2:11
it's completely patched this is
2:12
basically iOS 16.4 and lower so this was
2:16
patched in iOS 16.4.1 that's a lot of
2:19
versions ago and iOS 16.4.1 and lower
2:22
are not even signed anymore so by now
2:24
it's safe to release this to the general
2:26
public however if you're interested in
2:27
jailbreaking you probably are on iOS
2:29
16.4 or lower and in that case somebody
2:32
can theoretically take this
2:33
vulnerability and create a Safari-based
2:35
jailbreak if they combine it with
2:36
another kernel exploit that's quite
2:38
interesting and I'm glad that em decided
2:40
to post this whole write-up in here so if
2:41
you're running iOS 16.4 that's the whole
2:43
point I'm making this video if you're
2:45
running iOS 16.4 or lower you should
2:47
stay there at the moment because you
2:49
might be able to soon use a Safari-based
2:51
vulnerability somebody may use this to
2:53
create a jailbreak that is based in
2:55
Safari but we don't know that for sure
2:57
so for the moment it's best to just stay
2:59
we don't have any solid information that
3:01
somebody is working on something like
3:02
this so I can say for sure there will be
3:04
a Safari-based jailbreak based on this
3:06
vulnerability but your best bet would be to
3:08
stay below iOS 16.4.1 at the moment if
3:11
you don't want to take any chances
3:12
updating thank you for watching I am GSN
3:14
till the next time subscribe to stay
3:16
updated and peace out