0:00
what's going on YouTube gios right here
0:02
in today's video we have an update
0:03
related to the vulnerability for iOS
0:05
that we discussed in previous video it's
0:08
that one from Reddit when somebody
0:09
posted that they've been a victim of
0:11
this attack with this vulnerability cve
0:15
2485 and they posted this report over
0:19
here we discussed about it in a previous
0:20
video which is going to be linked down
0:22
below and in the card if you want to
0:24
check it out but I promised I will come
0:26
back with an update after some
0:27
controversy surfaced regarding this
0:29
report over here there is some
0:31
information about this vulnerability
0:33
some people in the Jil Community some
0:35
developers in the Jil Community analyze
0:36
a little bit the vulnerability and some
0:38
things do not make sense While others
0:40
remain intact the claims made by this
0:43
person over here appear to be very
0:45
paranoid um it appears that the person
0:47
is paranoid over the fact that they
0:49
found some suspicious stuff in a backup
0:52
that they've analyzed on their own
0:53
device and they believe they are a
0:55
victim of this vulnerability attack now
0:57
the report over here appears to be
0:59
generated with AI not sure what kind of
1:02
AI or which one but it does appear to be
1:04
a lot of mumbo jumbo in it like blast
1:06
door bypass which would happen in an
1:08
iMessage exploit but this vulnerability
1:11
may not be an iMessage exploit because
1:14
if you look at it actually it says it's
1:15
in core media and it says that a
1:17
malicious application may be able to
1:19
elevate privileges but it doesn't say it
1:20
bypasses blast door or iMessage or
1:23
anything so not everything in this
1:25
report or nothing in this report may
1:28
actually fit the vulnerability we can
1:29
scrap it for what we care several
1:31
developers in the gelber community said
1:33
that this person is essentially just
1:35
paranoid and may have never encountered
1:37
the vulnerability itself however the
1:39
vulnerability itself is indeed
1:41
legitimate as you can see here on the
1:43
national vulnerability database of the
1:45
United States the vulnerability itself
1:47
is present it says it's a use after free
1:50
issue it was addressed with improved
1:51
memory management and they gave it a
1:54
base score of 7.8 which is high so it's
1:57
a serious vulnerability Apple also list
2:00
the vulnerability in their patch note
2:02
for iOS 18.3 and they say that they are
2:05
aware that the vulnerability may have
2:06
been actively exploited against versions
2:09
of iOS so as apple is aware of a report
2:11
that this issue may have been actively
2:13
exploited so this is indeed a real
2:15
vulnerability it is indeed powerful and
2:18
it does indeed take part in a very
2:20
likely larger chain of exploitation
2:23
containing several more vulnerabilities
2:25
all working together to attack various
2:27
people now we don't know who those
2:29
victims might be it's very likely that
2:31
this person on Reddit may have never
2:33
encountered this vulnerability they may
2:35
truly believe that it is that
2:36
vulnerability based on the report that
2:38
they read from Apple over here and some
2:41
files that they found but we have
2:43
absolutely no proof that it's that
2:45
vulnerability or they've been attacked
2:47
with any vulnerability and they seem to
2:49
be overly paranoid in the comments as
2:51
well like somebody's out to get them no
2:53
idea why but the vulnerability itself is
2:55
indeed legitimate anyway the
2:56
vulnerability itself we don't know how
2:58
useful it is for jelp purposes since the
3:01
report over here no longer makes sense
3:03
so we know that it's not based on what
3:05
this user says however it's still very
3:07
likely usable in a way or another for
3:09
jailb purposes because Apple already has
3:12
a report that this has been actively
3:14
exploited which means that somebody
3:16
hacker very likely used it in a chain of
3:18
exploitation so it would do what it
3:21
would either get root privileges or to
3:24
bypass sandbox something it does may not
3:27
be everything that we need for a
3:28
jailbreak but it might be usable in a
3:30
chain of exploitation on a jailbreak
3:33
because it seems to be a powerful
3:34
vulnerability already used on something
3:36
similar but for nefarious reasons if I
3:38
get more updates on this vulnerability
3:40
I'm going to make newer videos on this
3:42
to keep you updated but for now you can
3:44
scrap this report over here we have no
3:46
idea if this person even encountered the
3:48
vulnerability and the information that
3:50
they provide is very cryptic and uh
3:52
proves nothing at the moment so you can
3:54
just toss it off as being overly
3:56
paranoid at the moment however the
3:58
vulnerability is indeed legit legitimate
4:00
and you should keep an eye on it for
4:01
jailbreak stuff definitely go ahead and
4:03
check out the jailbreak tools here on iy
4:05
central.com I keep a list of all the
4:07
jailbreaks for all iOS versions newer or
4:10
older for all devices on this page over
4:12
here if a jailbreak is not here is very
4:14
likely fake the video is brought to you
4:16
by 8K SEC they provide you the offensive
4:18
iOS internal course if you want to learn
4:20
how to find your own iOS vulnerabilities
4:22
analyze them and of course exploit them
4:25
they teach you how to use the security
4:26
techniques on iOS against iOS how to
4:29
find find iOS vulnerabilities as well as
4:31
how to understand the iOS kernel better
4:33
so definitely check it out in the link
4:35
below thank you for watching I'm GSN