Despite the absurd amounts of time and money that Apple pours into security efforts to make iOS one of the most secure mobile operating systems available today, it seems that even iOS 12.1, the latest publicly-available firmware version on the iPhone and iPad, isn’t entirely hack-proof.
At the recent Pwn2Own contest in Tokyo, Richard Zhu and Amat Cama, a duo of white hat hackers, reportedly used a Safari-based 0-day exploit to recover a photograph that had recently been deleted from an iPhone X’s native Photos app.
It appears the hackers used a malicious Wi-Fi access point to exploit a just-in-time (JIT) vulnerability in the software. They then took advantage of an out-of-bounds write to achieve sandbox escape and escalation, giving them access to system files that would typically be locked off.
According to several reports, the hackers were able to access much more than just recently-deleted photos, which suggests they likely achieved root filesystem access on the pwned handset.
The hackers were awarded a $60,000 prize for demonstrating their ability to break into Apple’s iOS 12.1 operating system.
Apple often pays significantly more for information concerning security vulnerabilities in its software, but the Pwn2Own contest potentially provided added benefit to the hackers by helping them earn a reputation in their field.
Immediately following the competition, Apple was notified about the security hole so that it could be patched in a future update to iOS. Nevertheless, the exploit will be released after Apple officially patches it, which means it could potentially help jailbreak community hackers in their efforts to conceive an iOS 12.1 jailbreak.
It should be interesting to see how long it takes for Apple to patch the exploit, and more importantly, whether it will aid in jailbreak conception or not.
Source: idb