Vulnerabilities allow remote access in Safari for iPhone X

A combination of two exploits allows attackers to install malicious code on iPhone X devices

A network security researcher from China has recently revealed technical details about critical vulnerabilities in iOS and Safari, the Apple browser, which, if exploited, could allow an attacker to remotely compromise an iPhone X running iOS 12.1.2 or earlier versions, as reported by ethical hacking specialists from the International Institute of Cyber Security.

To exploit these vulnerabilities, all the attacker needs is to trick an iPhone X user into opening a specially crafted web page in the Safari browser on their device. Still, not every iOS hacker has the knowledge and skills needed to find and exploit these vulnerabilities.

Discovered by network security researcher Qixun Zhao of the Chinese firm Qihoo 360, this exploit takes advantage of two security vulnerabilities revealed last year at an ethical hacking event. The vulnerabilities were subsequently reported to Apple's security teams.

Zhao revealed some details of the jailbreak, along with a proof of concept that he has dubbed “Chaos”, after Apple released the iOS 12.1.3 update, in which the reported vulnerabilities were supposed to be fixed.

According to the network security specialist, the remote jailbreak exploit combines two vulnerabilities:

  • Memory Corruption Vulnerability in Safari WebKit (CVE-2019-6227)
  • Memory Corruption Vulnerability in iOS Kernel (CVE-2019-6225)

The researcher demonstrated that the vulnerability in Safari allows maliciously crafted web content to execute arbitrary code on the victim’s device; combined with the second flaw, this allows attackers to elevate their privileges and install a malicious application in the background.

Qixun Zhao decided not to publish the jailbreak code so as not to provoke a surge of cyber attacks against Apple users; he also mentioned that he expects the cybersecurity community to use this research in a way that does not harm users in the future.

“I will not release the operating code; if you want to perform a jailbreak, you must complete the code on your own or expect more details from the jailbreak community. I have also decided to omit post exploit details”, the researcher mentioned.

Because of the wide attack range available to potentially malicious users and the remote nature of this exploit, cybersecurity experts recommend that Apple users install the latest iOS operating system update as soon as possible.