Your iPhone X can be remotely jailbroken

Recently discovered vulnerabilities in the Apple Safari web browser and iOS 12 could allow remote attackers to compromise your iPhone X.

In a recent proof-of-concept video released by the Chinese internet security company Qihoo 360, security researcher Qixun Zhao reveals the technical details of critical vulnerabilities in the Apple Safari web browser and iOS. The vulnerabilities could allow a remote attacker to jailbreak and compromise victims’ iPhone X devices running iOS 12.1.2 and earlier versions.

According to Qihoo 360, the remote jailbreak exploit chains two vulnerabilities: a type confusion memory corruption flaw (CVE-2019-6227) in Apple’s Safari WebKit and a use-after-free memory corruption issue (CVE-2019-6225) in the iOS kernel.

Tricking iPhone X users into chaos

For iOS, jailbreaking is – at its most fundamental level – the process of modifying the iOS kernel to allow read and write access to the file system. Most jailbreaking tools (and exploits) remove the limitations and security features built in by Apple through the use of custom kernels, which make unauthorized modifications to the operating system.

The video released by Qihoo 360 shows that all an attacker needs to do is trick iPhone X users into opening a specially crafted web page in the Safari browser.

The Safari flaw allows maliciously crafted web content to execute arbitrary code on the targeted device; that code then uses the second bug to elevate privileges and silently install a malicious app. The vulnerabilities were first demonstrated at the TianfuCup hacking contest in November last year and responsibly reported to the Apple security team.

Why you as an app vendor need to take action

Jailbreaking has very serious security implications, as it makes your end users’ iPhones an easier target for malware. It completely removes the walls that Apple has built into both iOS and the App Store.

Since a jailbroken iPhone is at much greater risk of being compromised, it is important to know when your app is running on one. Even if you choose to allow your app to run on jailbroken devices, detecting whether the device is jailbroken is essential for further security measures, because it determines which threats your app is exposed to.

Jailbreak detection can be performed in different ways. Standard approaches simply test for the existence of files in the file system that are associated with a jailbroken device. Promon SHIELD™, while also implementing these standard detection mechanisms, performs detection on multiple levels, ranging from these well-known approaches to cutting-edge low-level mechanisms that are targeted more towards detecting the essence of a jailbreak.
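As an added illustration of the standard file-system approach described above (example code written for this article, not Promon SHIELD’s implementation), the following C snippet performs the two checks most detection libraries start with: it counts well-known jailbreak artifacts on disk and tries to write a file outside the app sandbox. The artifact paths are the commonly cited ones and are an assumption, since the article names none; the probe path and the use of `stat(2)` instead of a high-level file API are also the author’s choices.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Commonly cited artifacts of a jailbroken device (assumption: the article
 * names none; this is the list usually seen in detection code). */
static const char *const kJailbreakPaths[] = {
    "/Applications/Cydia.app",
    "/Library/MobileSubstrate/MobileSubstrate.dylib",
    "/bin/bash",
    "/usr/sbin/sshd",
    "/etc/apt",
    "/private/var/lib/apt",
};

/* Count how many of the given paths exist. stat(2) is called directly rather
 * than through a high-level file API because a raw syscall is harder for a
 * runtime tweak to hook than an Objective-C or Swift method. */
size_t count_existing_paths(const char *const *paths, size_t n) {
    size_t found = 0;
    struct stat st;
    for (size_t i = 0; i < n; i++) {
        if (stat(paths[i], &st) == 0) found++;
    }
    return found;
}

/* Second standard check: an unmodified iOS sandbox refuses writes outside the
 * app container. Returns 1 if the probe file could be created (a jailbreak
 * indicator) and 0 otherwise. The probe file is removed again afterwards. */
int can_write_outside_sandbox(const char *probe_path) {
    FILE *f = fopen(probe_path, "w");
    if (f == NULL) return 0;
    fputs("probe\n", f);
    fclose(f);
    unlink(probe_path);
    return 1;
}

int main(void) {
    size_t n = sizeof kJailbreakPaths / sizeof kJailbreakPaths[0];
    size_t hits = count_existing_paths(kJailbreakPaths, n);
    /* "/private" is outside the app container on iOS (constructed probe path). */
    int writable = can_write_outside_sandbox("/private/jb_probe.txt");
    printf("indicator files present: %zu of %zu\n", hits, n);
    printf("writable outside sandbox: %s\n", writable ? "yes" : "no");
    /* Either signal alone is easy to hide; combine them with further checks. */
    printf("verdict: %s\n", (hits > 0 || writable) ? "likely jailbroken" : "no indicator");
    return 0;
}
```

On a desktop build system some of these paths exist legitimately (for example `/bin/bash` on Linux), so the list only carries meaning on an actual iOS device.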