In today’s video, we’re discussing yet another release from Google Project Zero: an iMessage exploit powerful enough to give unsandboxed remote code execution. Min (Spark) Zheng managed to extract files from an iPhone with it, and Samuel Groß managed to remotely open the “Calculator” application just by sending an iMessage to the target device, an iPhone XS (A12). In his demo, Samuel first breaks ASLR by leaking the base address of the dyld_shared_cache, then uses the exploit to launch Calculator.
Security researcher Natalie Silvanovich of Google Project Zero has posted a full writeup on the Project Zero blog detailing the vulnerability and how the exploit works. While this is not tfp0 (it gives unsandboxed code execution in userland, not a kernel task port, so a jailbreak built on it would still need a separate kernel exploit), it’s still very impressive, and it can potentially be used for a jailbreak precisely because it is unsandboxed. One of the uses could be as the vector that launches the jailbreak itself, though I believe that is less practical than a standard #iOS application. The exploit works on iOS 12.3, iOS 12.3.1 and iOS 12.4.
As always, do not forget to SUBSCRIBE to stay updated with the latest iOS and Jailbreak news!
▽ Resources ▽
▶ Our Jailbreak Forum
▶ The write-up on Project Zero
▶ The demo posted by Samuel
▶ iOS 12.3.1 / 12.3 / iOS 12.4 JAILBREAK: Current Exploits, Status, SHSH2 Blobs & What to Expect
▶ iOS 12.4 / 12.3.1 / 12.3 JAILBREAK Important News: iOS 12.3 B1 Jailbroken With Cydia & More