PoC of Chaos Vulnerability Released for iOS 12.1.1: If you have been in the jailbreak community for a while, you probably know of Qixun Zhao, a highly skilled hacker who has recently released the Chaos vulnerability for iOS 12.1.1.
In this blog we will talk about how the Chaos kernel vulnerability works and what comes next for the jailbreak community. Qixun Zhao is part of the Qihoo 360 Security Team, and he has also made the Chaos proof-of-concept public; we will cover that in this article as well.
QIXUN ZHAO MAKES CHAOS PROOF-OF-CONCEPT PUBLIC
Qixun Zhao is known for demonstrating remote jailbreaks quite frequently.
Termed "Chaos", the kernel vulnerability discovered by Zhao can be triggered directly from within the sandbox.
In November 2018, Qixun Zhao aka S0rryMybad demonstrated a remote jailbreak on A12 devices at the TianfuCup PWN Contest.
You can watch the video demonstration, which S0rryMybad posted on the Chinese video site Youku.
The video shows a remote jailbreak running on two iPhone XS devices. The hacker opens the jailbreak website (192.168.1.52), which delivers the exploit and then resprings the device into jailbroken mode.
After successfully jailbreaking the iPhones, S0rryMybad launches Mobile Terminal, confirming that he has gained root access on iOS 12.1.1 firmware.
HOW THE CHAOS KERNEL VULNERABILITY WORKS
The iOS kernel contains a component called MIG, whose code is generated automatically from .defs files.
Generally, MIG performs object conversion and reference-count management for kernel objects, and then calls the corresponding kernel method.
If a kernel developer is not familiar with MIG's reference-counting conventions, a kernel object's reference count can be mismanaged and leaked, allowing attackers to circumvent the kernel's defenses.
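As an added illustration (not the Chaos PoC and not Apple's code), the following toy C model shows the stub convention described above: the MIG-generated stub takes a reference while converting a port to an object, calls the kernel routine, then drops that reference. A routine that takes its own reference but fails to drop it on an error path leaks one reference per call; `refcount_drift` is a constructed audit helper that exposes the imbalance. All names and the routines are hypothetical.

```c
#include <stdio.h>

/* Toy kernel object with a reference count (constructed for illustration). */
typedef struct {
    int refs;
} kobject_t;

/* Stand-ins for the MIG conversion/release helpers: converting a port to
 * an object takes one reference; the stub must give it back afterwards. */
static kobject_t *convert_port_to_object(kobject_t *obj) { obj->refs++; return obj; }
static void object_release(kobject_t *obj) { obj->refs--; }

typedef int (*kern_routine_t)(kobject_t *obj, int arg);

/* Correct routine: it only borrows the reference the stub holds. */
static int routine_balanced(kobject_t *obj, int arg) {
    (void)obj;
    return arg < 0 ? -1 : 0;     /* error on negative arg, no refcount change */
}

/* Buggy routine (hypothetical): takes its own reference for internal use but
 * only drops it on the success path, so every error return leaks one reference. */
static int routine_leaky(kobject_t *obj, int arg) {
    obj->refs++;                 /* extra reference for internal use */
    if (arg < 0)
        return -1;               /* BUG: returns without dropping it */
    obj->refs--;
    return 0;
}

/* Model of what a MIG-generated server stub does around a routine call:
 * convert the port to an object (+1), call the routine, then release (-1). */
static int mig_stub_dispatch(kobject_t *obj, kern_routine_t routine, int arg) {
    kobject_t *o = convert_port_to_object(obj);
    int ret = routine(o, arg);
    object_release(o);
    return ret;
}

/* Audit helper: issue `calls` requests with `arg` through the stub and
 * report the net change in the reference count. Anything other than 0
 * means the routine is not balanced over that path. */
int refcount_drift(kern_routine_t routine, int arg, int calls) {
    kobject_t obj = { .refs = 1 };
    for (int i = 0; i < calls; i++)
        mig_stub_dispatch(&obj, routine, arg);
    return obj.refs - 1;
}
```

Running the same request repeatedly through the error path is how such a drift shows up in practice: a balanced routine stays at zero while the buggy one grows by one per call.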
Although the Chaos proof-of-concept is now public, Qixun has made it very clear that he will not release exploit source code.
Jailbreaking iOS 12 remains very hard, so developers keen on building an iOS 12 jailbreak will have to work really hard for it.