Proof-of-concept code for jailbreaking the iPhone X has been published by a security researcher. The code shows how two vulnerabilities can be chained to carry out a jailbreak, and the attack is quite simple from the attacker's side: it only requires tricking a user into opening a specially crafted page in Safari.
“The PoC of Chaos” has been developed by Qixun Zhao, security researcher at Qihoo 360’s Vulcan Team, and it shows “in details (for beginners) how to get the tfp0 exploit details on A12”, as the researcher said in his article. However, Zhao said he would not release the exploit code itself, and people who want to jailbreak will need to complete it themselves or wait for the jailbreak community’s release.
Chaos PoC Exploit in Detail
The Chaos PoC exploit code is based on two critical vulnerabilities in Apple's Safari browser and in iOS, and it could be leveraged by remote attackers to jailbreak an iPhone X running iOS 12.1.2 or earlier. The vulnerabilities were demonstrated during the TianfuCup hacking contest in November last year.
The exploit code triggers the two vulnerabilities – a type confusion memory corruption flaw in Safari's WebKit engine (CVE-2019-6227), and a use-after-free memory corruption flaw in the iOS kernel (CVE-2019-6225). Fortunately, Apple has already fixed both flaws in iOS 12.1.3, and users are urged to update.
Below you can find more information about the two vulnerabilities.
CVE-2019-6227 Description
A vulnerability was found in Apple Safari up to 12.0.2 (Web Browser) and classified as critical. Affected by this issue is a part of the WebKit component. Manipulation with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. Confidentiality, integrity, and availability are impacted, researchers said in an advisory.
CVE-2019-6225 Description
A vulnerability has been found in Apple macOS (Operating System) and classified as critical. This vulnerability affects a functionality of the Kernel component. Manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. Its impact is known to affect confidentiality, integrity, and availability.
Users should update immediately to the latest version to avoid exploits.