0:00 What's going on YouTube, GeoSn0w right
0:02 here. In today's video I have some great
0:03 news for those of you who are interested
0:05 in jailbreaking, but also some bad news
0:07 for those of you interested in security.
0:09 Security researcher Pattern F posted,
0:11 quote, "iOS 14.0 remote jailbreak demo, RCE
0:15 plus LPE", which means remote code
0:16 execution and local privilege escalation
0:19 exploit. "Don't stay on versions on or
0:21 below iOS 14.3. If you click a malicious
0:24 link, bad guys would steal everything on
0:26 your iPhone." So as it turns out, Pattern F
0:28 was able to create a Safari-based
0:31 jailbreak like PwnMy, but this one
0:33 works on 14.3 and lower. So if everything
0:36 in here gets released, we will be able to
0:38 get a replacement for unc0ver or Taurine
0:41 which would actually work directly from
0:43 Safari, so you wouldn't have to sign any
0:45 more. That's the good part, that's
0:47 basically the good news: we would be able
0:48 to create a Safari jailbreak for 14.0 to
0:51 14.3. However, as Pattern F says in here,
0:54 we do have a problem. This means that if
0:56 you're running any of the vulnerable
0:58 versions, absolutely any link you tap on
1:00 your device and you visit in Safari has
1:02 the potential to steal absolutely
1:04 everything from your iPhone, because your
1:06 iPhone is vulnerable. So you have to be
1:08 extremely careful, especially since there
1:10 is no fix currently available. There
1:11 might be a tweak in the future to fix
1:13 this, but for now there is no fix other
1:16 than updating your device, which of
1:17 course means you will lose your
1:19 jailbreak. Now if you take a look at the
1:20 video in here, you can see that Pattern F
1:22 basically shows their device, which is an
1:24 iPhone running iOS 14, and then of course
1:27 they show the iOS version in there, they
1:29 show the device type and so on. And as
1:30 you can see, they go here in Safari and
1:33 they're not accessing a website but
1:34 rather an IP address, which is basically
1:37 the same thing, but they host it here on
1:38 an IP address, not on a domain. And of
1:40 course it's just an HTML button that
1:43 calls their exploit, and once that is
1:45 done they are able to jailbreak their
1:47 device. And as you can see, the console
1:49 tells you exactly what's going on in
1:51 there. It's basically an exploit written
1:53 in JavaScript, and once they run it you
1:55 can see they got the task port, they got
1:57 the surface ID in there, and everything
1:59 that they need. So at this point their
2:01 device is jailbroken, and then
2:04 they attempt to run an SSH command so
2:06 that they connect via SSH to their
2:08 device. They are able to exchange the
2:10 fingerprint in there, and then they are
2:12 able to connect to the device. You can
2:13 see they are now root and everything
2:15 seems to be working fine. They are able
2:17 to run commands and so on, so you can see
2:19 that this is basically working very well.
2:21 The good thing about this is that we
2:22 would be able to create a PwnMy
2:24 kind of jailbreak, for example an
2:26 unc0ver for iOS 14.3 and lower but in
2:29 Safari, or Taurine directly in Safari, or
2:32 even update PwnMy if this gets
2:34 released. However, it's also a very
2:36 important security risk, and until a
2:38 patch is available for your jailbroken
2:41 device I would actually urge you to be
2:43 very careful what links you click. You
2:45 are vulnerable, and even if you're not
2:47 jailbroken you are still vulnerable if
2:49 you're running any of those versions.
2:51 tihmstar seems to be interested in
2:52 creating a patch for this kind of
2:54 vulnerability, but for now they are
2:55 working on it; they need to know what to
2:57 patch first, so there is no patch
2:59 available for the moment. And while this
3:01 does have good implications for PwnMy,
3:03 because we would be able to update it
3:05 for 14.3 and lower and jailbreak
3:07 directly from Safari, it also means that
3:09 you are now running a very important
3:11 security risk. And this, as I said, goes
3:13 from iOS 14.0 all the way up to 14.3,
3:16 which of course are currently not signed,
3:18 but many people are running those
3:19 versions because of unc0ver and Taurine,
3:22 which only support 14.3 and lower. So
3:24 yeah, this is actually great news for the
3:26 jailbreak community. You will be able to
3:28 ditch the signing of IPA files and AltStore
3:30 and computers and so on. You will
3:32 be able to jailbreak directly from
3:34 Safari, which is quite cool, but at the
3:36 same time, until a patch tweak is
3:38 available, it does expose you to a very
3:40 important security risk. So yeah, that's
3:42 basically it, a very interesting demo, but
3:44 it's definitely frightening to see that
3:47 big of a bug in iOS. Yep, thank you for
3:49 watching, I'm GeoSn0w, peace out.