Inside iOS 9.3.5: A detailed look at the biggest vulnerability in iOS history

This morning, Apple suddenly released iOS 9.3.5. The update log only contained a simple sentence: Provides important security updates, recommended for all users to install. In fact, the previous iOS 9.3.4 version was released to fix security vulnerabilities, and this iOS 9.3.5 involves the biggest vulnerability in iOS history. According to the information released by Apple to developers, iOS 9.3.5 fixes three security issues, namely: - CVE-2016-4655: WebKit vulnerability, triggered by user clicks - CVE-2016-4656: Kernel information leakage vulnerability

- CVE-2016-4657: Kernel memory corruption vulnerability. They are all 0-day vulnerabilities with extremely high quality, but this time, it is not just a few vulnerabilities... Leifeng.com interviewed the domestic Pangu and Nirvana jailbreak teams and learned that the day before Apple released this security update, the Citizen Lab of the Toronto Munk School of Global Affairs, which is committed to exposing large-scale surveillance tasks, released a detailed research report on the latest Apple 0-day vulnerabilities and named them "Trident" vulnerabilities. How awesome is this group of vulnerabilities? 1. All of these vulnerabilities are 0-day vulnerabilities, that is, before they are exposed, no one except the discoverer of the vulnerability knows about the existence of this vulnerability; 2. Users only need to click on the link sent by the hacker, and the phone will be remotely jailbroken, and the hacker will instantly obtain the highest authority of the phone; 3. With the highest authority, hackers can remotely operate and control the user's iPhone, view the phone camera, eavesdrop on the user's conversations and recordings, and view the user's application information. It can be said that they can do whatever they want. Simply put, hackers only need to use a link to completely control your iPhone, which is equivalent to "remote jailbreak"! This level of iOS vulnerability has always been a legend. People often talk about it, but no one has seen it until now... So why was this set of vulnerabilities exposed? The story started like this: DM557 (Chen Xiaobo), a core member of the Pangu team, restored the entire process of this "remote jailbreak": 1. The attacker first sent a link to the target task via SMS text message. When the target task clicks the link, it will visit a website of the attacker. 2. An attack program for Mobile Safari will be placed on the attacker's website. This program contains a 0day vulnerability in the MobileSafari Javascript engine. 3. After the attack program is executed, the attacker will obtain the execution permission of the mobile phone through the browser. At this time, the attacker's permission is only imprisoned in the sandbox. 4. Next, the attacker obtains the kernel execution permission through two kernel vulnerabilities (a kernel information leakage vulnerability + a kernel code execution vulnerability). 5. After obtaining the kernel execution permission, the attacker has completed the jailbreak of the mobile phone. At this time, he will turn off some iOS security protection mechanisms, such as enabling the reading and writing of rootfs, turning off code signing, etc. 6. After the attack is completed, the intruder becomes the "master" of the phone and can monitor the phone's communications and traffic. As a jailbreak master, DM557 did not hesitate to praise this jailbreak. This JavaScript vulnerability can attack the iOS system when the system is turned on, that is, when the system restarts, it will go through the attack process again, which is a bit similar to the previous "perfect jailbreak". Gao Xuefeng, the head of the 360 Nirvana team, pointed out that remote jailbreaking was once achieved in the early days of iOS, but the last time was iOS 4.3.3, which was a thing of the past in 2011. Gao Xuefeng emphasized: iOS almost always adds a very powerful security protection mechanism in every major version upgrade. Now five years have passed, and the difficulty of remote jailbreaking iOS has increased exponentially, especially after iOS 7, this level of vulnerability is almost extinct, so the difficulty of remote jailbreaking is simply not the same. In conclusion, the iOS world has produced a vicious "plague" that can destroy your iPhone in a matter of minutes, but fortunately, we already have a vaccine to resist this "plague", which is iOS 9.3.5, so you must upgrade! However, who knows if there are other vulnerabilities as vicious as "Trident" surging underground, sweeping the world again when people are caught off guard?

As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity.

<<: Are iPhone and iOS really safe? New zero-day vulnerability completely puts an end to the "myth"

>>: IMF: Half of jobs in developed Asia-Pacific economies will be affected by artificial intelligence

Stock up! Be careful with COVID-19 medications...

Even Sony's Takeshi Soeda doesn't dare to easily say that it's going smoothly. How can PS VR open up a new path in China?

The news of PS VR landing in China has become a h...

Download the free software of Big Pineapple Fujian Navigation and download the dirty APP of Big Pineapple Fujian Navigation!

The online entrance of Da Pineapple Fujian Naviga...

Inside iOS 9.3.5: A detailed look at the biggest vulnerability in iOS history

Stock up! Be careful with COVID-19 medications...

Case Analysis | 16 Industry Information Flow Advertising Case Optimization Collection

Today is Sunday, but I have to go to work! Why does taking a day off make people so exhausted?

Tang Zhenzong’s personal profile: How to convert more potential customers through the website?

TikTok anchor PK strategy and skills

Introduction to Huawei App Market paid promotion process and resource positions!

Recommend two iOS magnetic download tools

Can LG Mobile Become the "Second Samsung"?

Xianyu business logic and user analysis

How to quickly optimize your website to the homepage? How to improve SEO efficiency?

Recommend

How to promote the education industry? The key points of daily operations and promotion rhythm have been marked for you!

How much does it cost to develop a pregnancy and childbirth app in Pingliang?

Can product managers help traditional TV terminals trigger a wave of home entertainment?

Apple's chief software engineer: Why iOS and macOS will never merge

Even Sony's Takeshi Soeda doesn't dare to easily say that it's going smoothly. How can PS VR open up a new path in China?

Download the free software of Big Pineapple Fujian Navigation and download the dirty APP of Big Pineapple Fujian Navigation!

Hot search! E. coli was detected in ice cream. Does it mean it is contaminated by feces? Can we still eat it safely?

These four ways of feed flow advertising can turn your readers from being "raped" to "enjoying"

Every time the volume is loud but the sales volume is small. Will the new Chery Xingtu Xingji ET be different this time?

Why do birds migrate?

Learn how to promote new products from "What's Peppa Pig?"

Top ten keywords for new media in 2018!

【WP Development】Realize the "Shake" function

iOS scams collection

Why most companies fail in digital transformation