White hat hacker slipper completed the world’s first public remote jailbreak for Apple’s iPhone 13 Pro, and the cracking process only takes 1 second

Categories: Technology
Posted: October 17, 2021

In the 4th “Tianfu Cup” International Cyber Security Competition, the white hat hacker slipper, from Pangu Lab under Qi’an Pangu, completed the world’s first public remote jailbreak of the iPhone 13 Pro, obtained the highest control authority over the phone, and won the highest individual bonus of 300,000 U.S. dollars.

According to reports, this was the most-watched and highest-paid cracking project of this Tianfu Cup, and it targeted the latest Apple phone model, the iPhone 13 Pro. When the user clicks on a link carefully forged by the attacker, remote code execution vulnerabilities in the Safari browser can be triggered, allowing attackers to execute attack commands remotely.

After bypassing the Safari browser protection mechanism, slipper then used multiple vulnerabilities in the iOS 15 kernel and the A15 chip in a combined attack, successfully bypassing multiple security protection mechanisms and obtaining the highest control of the iPhone 13 Pro. With that control, information including photo albums and apps can be obtained at will, and data on the device can even be deleted directly or other arbitrary commands executed.

More noteworthy still, even though slipper used multiple vulnerabilities in the Safari browser and the iOS kernel in a combined attack during the entire cracking process, no interaction was required other than the user clicking on a link, so the triggering method was very simple. The entire cracking process takes only 1 second, so it is extremely harmful to users.

In addition, in the Adobe PDF Reader cracking project that ended this morning, slipper constructed a PDF file that allowed arbitrary commands to be executed remotely when the user opened it.
