0:00 What's going on YouTube, GeoSn0w here. So in today's video we have some information about a brand new exploit that has been released for iOS 15.0.1 and older. So, can this be used for a jailbreak, how big of a security risk is it, and what is this all about? Because it has been very popular in the past couple of hours. This video is brought to you by AnyTrans, a software that allows you to manage the information on your device and so on, and of course do backups, transfer files with drag and drop. Definitely check it out, it's a great iPhone management software.

0:28 So a couple of hours ago Leonardo here tagged me and asked me "what can you say about his work, possible jailbreak on iOS 15?" And if we go ahead and look here, it's apparently a tweet from Jonathan Scott, a security researcher, who said a couple of days ago, quote: "Today, October 9th 2021 at 10:30 PM CST, I will be performing a live RCE, or remote code execution, on iPhone 11 Pro running 15.0.1", which incidentally is the latest version available right now. And they said here: "full device takeover, full file system data dump, I will data wipe the phone after I steal all the info. If you're bug bounty, the people deserve to know." And they posted this captioning here: remote code execution, whatever, on iPhone 11 Pro, which I think is A13, so definitely great. Well, they did post their research in here on GitHub, there is even a video available, and this is in here: iOS 15.0.1 RCE version 1.

1:20 So naturally a lot of people asked me what is this all about, how important is this for jailbreak purposes, and of course how big of a security risk it is, because they said in here full device takeover and full file system dump and data wipe remotely and stuff like that, which are pretty big claims, and if true it would make the device pretty darn unsafe. Now, looking over the repo here, it says that you need a couple of things in order to make this work: libimobiledevice, websocketd and timelimit and whatever. So yeah, basically you would AirDrop some files, some website related files, to the device, and then you will be able to extract data from the device without even unlocking the phone. This works without inputting the passcode, hence why they made a huge deal about it.

1:59 Now, how important is this security-wise? Well, to be brutally honest, this does have a huge caveat, and that is the fact that you have to be connected to a known trusted host, for example your computer, and you have to have tapped the Trust button on the device, otherwise this would not work. So is this remote code execution? Yeah, you are indeed exfiltrating files, you are indeed running code remotely through the connection, but you do have to run that code from a trusted device, for example your personal computer or your laptop and so on. A stranger wouldn't just be able to get your phone, plug it in their computer, pop this one up and extract all the data on your device, because their computer wouldn't be trusted in the first place, and if they want to trust it they need to input the passcode. Hence why many people in the jailbreak community and in the security community pretty much mocked this guy for what they released, saying that it's not exactly what they claim, and to be brutally honest I'm standing with them. It is indeed not what they promised. While it's important and it can be exploited if your partner wants to get into your device or stuff like that, this is possible, but on a full scale, on, you know, unknown computers, if a stranger steals your phone and wants to dump the content, they wouldn't be able to do that with this. It's pretty limited by the fact that you have to be on a host that is indeed trusted.

3:15 Now for jailbreak, this doesn't seem to be any good for jailbreak purposes, at least not in my opinion. You can drop files to the device, you can extract data, but this seems to be more useful for malware on iOS than jailbreaking. It's not a kernel exploit, it's not a sandbox escape or anything like that, it's just basically transferring files and running various commands without the device being unlocked, which, while bad and of course pretty bad for security reasons, is still done from a host that is already trusted, so it's not exactly that big of a deal, at least not outside of a workplace or something. Many people call that a simple iOS feature, not an RCE, not remote code execution, because really it's not remote code execution if you are connected to a host that is already trusted; you're just running commands from a computer that is trusted. So yeah, I wouldn't hold my breath for that. It couldn't be used for jailbreaking, at least not in the current state. It's a neat thing, it does show a possible vulnerability for data exfiltration, but it does have major caveats, and I do not believe it is a major security risk or useful for jailbreak purposes.

4:20 I hope this has clarified everything, because this topic is currently very popular in the jailbreak community and many security researchers are retweeting and discussing and, you know, arguing over that. So I hope this clarifies everything. Thank you for watching, I am GeoSn0w.