Inside iOS 9.3.5: A detailed look at the biggest vulnerability in iOS history

Inside iOS 9.3.5: A detailed look at the biggest vulnerability in iOS history
This morning, Apple suddenly released iOS 9.3.5. The update log only contained a simple sentence: Provides important security updates, recommended for all users to install. In fact, the previous iOS 9.3.4 version was released to fix security vulnerabilities, and this iOS 9.3.5 involves the biggest vulnerability in iOS history. According to the information released by Apple to developers, iOS 9.3.5 fixes three security issues, namely: - CVE-2016-4655: WebKit vulnerability, triggered by user clicks - CVE-2016-4656: Kernel information leakage vulnerability

- CVE-2016-4657: Kernel memory corruption vulnerability. They are all 0-day vulnerabilities with extremely high quality, but this time, it is not just a few vulnerabilities... Leifeng.com interviewed the domestic Pangu and Nirvana jailbreak teams and learned that the day before Apple released this security update, the Citizen Lab of the Toronto Munk School of Global Affairs, which is committed to exposing large-scale surveillance tasks, released a detailed research report on the latest Apple 0-day vulnerabilities and named them "Trident" vulnerabilities. How awesome is this group of vulnerabilities? 1. All of these vulnerabilities are 0-day vulnerabilities, that is, before they are exposed, no one except the discoverer of the vulnerability knows about the existence of this vulnerability; 2. Users only need to click on the link sent by the hacker, and the phone will be remotely jailbroken, and the hacker will instantly obtain the highest authority of the phone; 3. With the highest authority, hackers can remotely operate and control the user's iPhone, view the phone camera, eavesdrop on the user's conversations and recordings, and view the user's application information. It can be said that they can do whatever they want. Simply put, hackers only need to use a link to completely control your iPhone, which is equivalent to "remote jailbreak"! This level of iOS vulnerability has always been a legend. People often talk about it, but no one has seen it until now... So why was this set of vulnerabilities exposed? The story started like this: DM557 (Chen Xiaobo), a core member of the Pangu team, restored the entire process of this "remote jailbreak": 1. The attacker first sent a link to the target task via SMS text message. When the target task clicks the link, it will visit a website of the attacker. 2. An attack program for Mobile Safari will be placed on the attacker's website. This program contains a 0day vulnerability in the MobileSafari Javascript engine. 3. After the attack program is executed, the attacker will obtain the execution permission of the mobile phone through the browser. At this time, the attacker's permission is only imprisoned in the sandbox. 4. Next, the attacker obtains the kernel execution permission through two kernel vulnerabilities (a kernel information leakage vulnerability + a kernel code execution vulnerability). 5. After obtaining the kernel execution permission, the attacker has completed the jailbreak of the mobile phone. At this time, he will turn off some iOS security protection mechanisms, such as enabling the reading and writing of rootfs, turning off code signing, etc. 6. After the attack is completed, the intruder becomes the "master" of the phone and can monitor the phone's communications and traffic. As a jailbreak master, DM557 did not hesitate to praise this jailbreak. This JavaScript vulnerability can attack the iOS system when the system is turned on, that is, when the system restarts, it will go through the attack process again, which is a bit similar to the previous "perfect jailbreak". Gao Xuefeng, the head of the 360 ​​Nirvana team, pointed out that remote jailbreaking was once achieved in the early days of iOS, but the last time was iOS 4.3.3, which was a thing of the past in 2011. Gao Xuefeng emphasized: iOS almost always adds a very powerful security protection mechanism in every major version upgrade. Now five years have passed, and the difficulty of remote jailbreaking iOS has increased exponentially, especially after iOS 7, this level of vulnerability is almost extinct, so the difficulty of remote jailbreaking is simply not the same. In conclusion, the iOS world has produced a vicious "plague" that can destroy your iPhone in a matter of minutes, but fortunately, we already have a vaccine to resist this "plague", which is iOS 9.3.5, so you must upgrade! However, who knows if there are other vulnerabilities as vicious as "Trident" surging underground, sweeping the world again when people are caught off guard?

As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity.

<<:  Are iPhone and iOS really safe? New zero-day vulnerability completely puts an end to the "myth"

>>:  IMF: Half of jobs in developed Asia-Pacific economies will be affected by artificial intelligence

Recommend

Don’t know how to track information flow advertising conversion data? 3 methods + 2 tools recommended!

As we all know, data tracking and conversion is a...

Play with the Tantan-like card-style sliding effect

Talking about the historical origin of this blog,...

What exactly is the "Pink Muhly Grass" that is popular on the Internet?

Audit expert: Shi Jun Doctor of Botany, well-know...

Operational strategies of Xiaohongshu, Weibo and Bilibili

This article mainly focuses on the four "hot...

3 tips to improve ranking and optimize App Store keywords

Now more and more teams and companies are develop...

A new brand live broadcast system from 0 to 1

In the past two years, short videos and live stre...

SMMT: UK new car registrations fell 34.9% in June 2020

According to data released by the SMMT, new car r...

@All students, please check your summer vacation safety manual

Summer vacation is coming. While enjoying your va...

China Passenger Car Association: In October 2022, the sales volume of the domestic narrow passenger car market reached 1.842 million units, a year-on-year increase of 7.5%

In October, the sales volume of the domestic narr...

Used car auction platform Tiantianpaiche completes $100 million D1 round of financing, with Autohome as the investor

Tiantianpaiche, an online used car auction platfo...

This element, once mistakenly thought to constitute diamonds, has a surprising number of uses!

Recently, a team of undergraduate students from C...

Puchang Rice Terraces: A Psychedelic Play of Colors and Lines

Puchang Terraces, the granary of Ganluo County. G...

What is the difference between seo and Baidu bidding? What is the difference between seo and bidding promotion?

Although both SEO and paid ranking play a key rol...

my country has discovered a new COVID-19 drug and obtained a patent! It is extracted from this plant! Many people have seen it, but they can't name it.

Expert of this article: Li Ting, Master of Plant ...

Cool effect, Volvo submits patent application for new head-up display

According to foreign media reports, Volvo recentl...