Zero-click remote code execution exploit for fully patched iOS 15 running on iPhone 13 demonstrated by experts

During the latest edition of the Tianfu Cup event for ethical hackers, a group of researchers demonstrated a method to successfully hack an iPhone 13 device with the latest iOS 15 updates, in what became the main event of the night. In total, the event awarded more than $1.5 million USD to participants.

In this most recent edition, held this weekend in the Chinese city of Chengdu, the contestant hackers had three 5-minute attempts to demonstrate that their exploits worked.

During the weekend, white-hat hackers managed to successfully compromise the following devices and operating systems:

  • Windows 10
  • Adobe PDF Reader
  • Ubuntu 20
  • Parallels VM
  • iOS 15
  • Apple Safari
  • Google Chrome
  • ASUS AX56U router
  • Docker CE
  • VMWare ESXi
  • VMWare Workstation
  • qemu VM
  • Microsoft Exchange

Other devices and software unsuccessfully targeted by the ethical hackers include:

  • Synology DS220j NAS device
  • Xiaomi MI 11
  • An unnamed domestic IoT device

As mentioned above, one of the demonstrated exploits was described as a zero-click remote code execution attack against a fully updated iOS 15 running on an iPhone 13 smartphone. This exploit earned its developers a prize of $300,000 USD.

Another demonstration that stood out was a string of RCE attacks against Google Chrome whose exploitation would allow the total compromise of affected systems.
