iOS 12.1.2 is still vulnerable, according to the most recent report on iOS jailbreaking.
A cybersecurity researcher from China proved today that there are still more reasons for Apple to keep watch over the iPhone X and iOS 12.1.2. In a published note, the researcher demonstrated an exploit that allows a remote attack against vulnerabilities in iOS 12.1.2.
According to The Hacker News, Qixun Zhao of the Qihoo 360 Vulcan Team named the exploit he built "Chaos." He disclosed the technical details of the critical vulnerabilities in the Apple Safari web browser.
Zhao's released proof-of-concept (PoC) states that Chaos is allegedly capable of jailbreaking a target's iPhone X running iOS 12.1.2 or older versions. This gives the attacker special access to the target's processing power, data and more.
In his released PoC, Zhao showed that jailbreaking an iPhone X running iOS 12.1.2 or older versions comes easily. The user just needs to be led to open a specially crafted web page in the Safari browser.
According to the PoC, Chaos allegedly makes use of two security vulnerabilities. Both were introduced at the TianfuCup hacking contest held last November. The first is a memory corruption flaw (CVE-2019-6227) in Apple's Safari WebKit, and the second is a use-after-free memory corruption issue in the iOS kernel (CVE-2019-6225).
In a video demonstration, which the Chinese researcher called the Chaos iPhone X jailbreak exploit, he showed how to successfully install a malicious app.
The first vulnerability, the memory corruption flaw, is reached through the Safari web browser: a malefactor creates a web page containing the scripts needed to execute arbitrary code on the victim's device.
Once arbitrary code execution is achieved, the second flaw, the use-after-free memory corruption issue in the iOS kernel, is used to gain elevated privileges and install a malicious app of the attacker's choice.
In spite of the video release, Zhao stated that although he released the PoC of Chaos and elaborated the details for beginners, he will not release the exploit code. He added that those wanting to jailbreak will need to complete the exploit code themselves or wait for the jailbreak community's release.
He ended his statement by saying that he will not discuss the details of the post-exploitation stage because that matter is handled by the jailbreak community.