Thursday, September 6, 2018
pwn.js WebKit exploit affects iOS 10-11.3.1 versions
pwn.js WebKit exploit affects iOS 10-11.3.1 versions
IOS 10-11.3.1 USERS ARE VULNERABLE TO SAFARI EXPLOIT
Two months ago, Phoenhex Dev Team released the pwn.js exploit for mobile Safari web browser. As expected, Apple promptly patched this vulnerability in iOS 11.4 firmware.
Jailbreak developers pounced on the opportunity and quickly developed a browser-based jailbreak for iOS 10-10.3.3. However, in doing so, the team left all jailbreak-able versions vulnerable to web attacks.
According to Jake James, all devices running iOS 10-11.3.1 are vulnerable, even though the jailbreak works only support iOS 10.
James also developed a proof-of-concept that transforms totally-not-spyware into a real spyware using eggshell.
Make no mistake – Spyware JailbreakMe itself is secure but creators of other websites may have sinister intentions.
An attacker could slap up a pwn.js-based malicious website, spread the link, and gain remote access to users’ devices on the affected firmware.
WHEN WILL A SECURITY PATCH BE RELEASED?
Back in 2016, security researcher Luca Todesco developed JailbreakMe 4.0 for iOS 9 firmware and immediately released a patch for his exploit.
At the time of this writing, Ben Sparkes and his team are working on a similar security patch for affected versions. This upcoming patch will likely be distributed in the form of a tweak via Cydia.
As of right now, there’s no fix except for upgrading your device to iOS 11.4 (final) or above versions.You may also like:jihosoft iphone data recovery
Alternatively, you can disable Javascript from Safari’s settings. Doing so will render this WebKit vulnerability useless. However, it’s not a feasible solution by any means; the reason being that every website uses Javascript technology in some capacity.
With that being said, Phoenhex Dev Team member Niklas Baumstark has close-sourced the stage 2 of pwn.js exploit to protect users from malware. Nevertheless, a full-blown security patch would still prove useful.
Gihosoft Android data recovery Free is a super awesome software specialized in Android file recovery. With this program, you are able to recover deleted photos, music, videos, messages, contacts, call logs, WhatsApp messages, Viber chat history and more from Samsung, Huawei, LG, HTC, Motorola, Google, Oneplus, Sony, Lenovo, ZTE and other Android devices directly. Meanwhile, this Android data recovery software is available for both Windows and Mac platforms.
Subscribe to:
Post Comments (Atom)
macOS Catalina Is Causing Issues with Select eGPUs
macOS Catalina is apparently breaking many apps. Users have reported that they are facing problems after updating to macOS Catalina with...
-
In April 2019, Google announced the launch of a free, ad-supported version of its YouTube Music streaming service for use with Google Hom...
-
1. Does iTunes Backup Deleted Text Messages? There is no clear yes or no answer for this question; it depends on what you do as soon as y...
-
How to Save Other People's Snapchat Videos to iPhone? Method 1: Screenshot or Screen Record Your iPhone Fortunately, iOS 11 offers a s...
No comments:
Post a Comment