0:00
what's going on YouTube GS right here so
0:02
a massive iCloud vulnerability or iOS
0:05
and iCloud vulnerability has been
0:06
patched by Apple in iOS 18 so iOS 17
0:10
people you are definitely at risk iOS 18
0:12
does patch it but the iOS 18 betas might
0:15
not so we're going to get into this and I'm
0:17
going to talk about this vulnerability
0:18
because it seems to be a quite
0:19
interesting one this developer posted
0:21
this iOS 17 proof of concept here's how
0:23
you can leak any iCloud app data by
0:25
copying and pasting two completely
0:27
unrelated files so if you go ahead here
0:29
on this website they do have an article
0:31
about the vulnerability itself and it
0:33
says unauthorized access to iCloud
0:35
analyzing an iOS vulnerability that
0:37
could expose sensitive data to attackers
0:39
now this was actually given uh CVE-2024-44131
0:42
and if you copy it and search for
0:45
it you do actually find it it's a
0:47
vulnerability in FileProvider and it
0:49
says an app may be able to access
0:50
sensitive user data so I've read through
0:53
the article in here and the way this
0:55
works is essentially a vulnerability in
0:57
the Files application you know the
0:58
default file manager on iOS and when
1:00
you're copying or moving a file a
1:03
malicious application running in the
1:04
background can actually intercept
1:06
transfers redirect these because it
1:08
manipulates symbolic links or paths for
1:10
those files and this means that your
1:12
privacy can be compromised because this
1:14
means that the malicious application
1:15
could actually leak personal information
1:17
like photos and I don't know sensitive
1:19
stuff from your iCloud account onto the
1:22
applications directory which it controls
1:24
and then of course upload it to whatever
1:26
server it wants to cuz normally there's
1:28
something that is called TCC that
1:30
intervenes on iOS and uh TCC stands for
1:33
Transparency, Consent, and Control this
1:35
one is a framework on iOS that
1:37
essentially prompts you every time an
1:38
application wants to access files for
1:40
example if you want to limit access to
1:42
files or select certain photos or I
1:44
don't know maybe deny altogether
1:46
access to a specific path that handles
1:48
the consent and control on iOS and this
1:51
essentially bypasses it which means that
1:53
the malicious application could
1:54
essentially just snatch those files
1:56
change the symbolic links and just get
1:59
whatever files you have in there things
2:01
that you might consider sensitive or
2:03
maybe private it can upload them
2:05
anywhere because this takes advantage of
2:06
the fileproviderd daemon on iOS which
2:09
handles the file transfers and stuff
2:10
like that it says here by taking
2:12
advantage of the elevated privilege of
2:14
fileproviderd the malicious app can
2:16
hijack file movements or copies without
2:18
triggering a TCC prompt which means you
2:20
would not even know that it tried to
2:22
actually access your files so the
2:24
takeaway in here is that the Files
2:26
application the Files app is not exactly
2:29
very secure and while this has been
2:31
patched on iOS 18 and on macOS 15
2:34
because this was also a macOS
2:35
vulnerability believe it or not you can
2:37
actually still run an iOS version that
2:39
is vulnerable for example those of you
2:40
who do run iOS 17 you actually are at
2:43
risk so you should definitely pay
2:46
attention to what you install because this
2:47
still requires a malicious application
2:49
to run in the background it's not a zero
2:51
click attack by all means you still need
2:53
to be very careful what you install and
2:55
it's best if you do not keep sensitive
2:57
data on your device your device should
2:59
not be considered something secure
3:01
because it very much isn't these days
3:03
with this many attacks you should really
3:05
not keep sensitive data in there
3:07
especially on iCloud so that's basically
3:09
it thank you for watching definitely
3:11
update your devices if you're not into
3:13
jailbreaking updating past iOS 18 will
3:16
actually help this is fixed in iOS 18.0
3:18
so if you update to the latest version
3:20
right now you will have this bug fixed
3:22
however you will not be able to
3:24
jailbreak at least not for a long time
3:26
so thank you for watching I'm GS snow