Hackers Win $60,000 for Demoing iPhone Safari Exploit Providing Access to Deleted Photos
2018-11-15
Posted by 3uTools


The Fluoroacetate duo of Amat Cama and Richard Zhu used a pair of bugs to recover a recently deleted photo from the device. The hackers ran their demonstration on an iPhone X running iOS 12.1.


To recover the deleted photo, the hackers made use of a malicious Wi-Fi access point along with a JIT (just-in-time) compiler exploit. They earned $60,000 and 10 Master of Pwn points for their successful demonstration. The exploit can be used to recover more than just deleted photos, though.


    


"Next up, Amat and Richard returned to the Short Distance category. This time, they were targeting the iPhone X over Wi-Fi. They used a pair of bugs – a JIT vulnerability in the web browser followed by an Out-Of-Bounds write for the sandbox escape and escalation."


The duo also demonstrated an exploit against Xiaomi's Mi 6 over NFC, using its touch-to-connect feature to route the device to a custom website. For this, they won $30,000 and 6 Master of Pwn points.


"Our day began with Fluoroacetate (Amat Cama and Richard Zhu) successfully exploiting the Xiaomi Mi6 handset via NFC. Using the touch-to-connect feature, they forced the phone to open the web browser and navigate to their specially crafted webpage. During the demonstration, we didn’t even realize that action was occurring until it was too late. In other words, a user would have no chance to prevent this action from happening in the real world."


Apple has already been informed of the bug and will likely address it in the coming iOS 12.1.1 update.


Source: iphonehacks
