During the Tianfu Cup, an international cyber security competition, Apple’s iPhone 13 Pro fell to a remote jailbreak hack in just 1 second, carried out by Qi’an Pangu, a white hat hacker from Pangu Lab. With this remote jailbreak, the victim only needs to click on a link in Safari, which gives the hacker complete control over their iPhone 13.
This 1-second remote jailbreak hack for iPhone 13 was awarded $300,000 in prize money and was also the first instance of a public jailbreak demo for Apple’s newest smartphones.
iPhone 13 Pro falls in just 1 second with just a tap on a link in Safari
The remote jailbreak used multiple security vulnerabilities in Safari, the iOS 15 kernel, and iOS 15 chip to perform a successful attack, allowing it to bypass multiple layers of security protections. Once the device is hacked, the jailbreak gives the hacker access to all data on the victim’s iPhone 13 Pro, including photos, messages, and apps. The scary part of the attack is that it requires just a tap on a link in Safari, which takes just a second; the rest of the process is completely silent and invisible to the victim.
Pangu Lab is popularly known for discovering zero-day exploits in iOS before most other security teams and experts. The team does not release jailbreak tools anymore but often demos security exploits at various security conferences and competitions. The team of jailbreakers turned white hat security researchers had also demoed an iOS 15 jailbreak back in August, but it was not released as a public exploit.
Apple has already had its hands full with numerous software updates to patch security exploits, only to discover that there are still unfixed flaws that need further updates to fix. Here are the various software updates released this year that have featured security fixes:
- In iOS 15.0.2, Apple fixed a gaming zero-day exploit without crediting the bug hunter again
- Apple releases iOS 14.8 and iPadOS 14.8 with security fixes
- watchOS 7.6.2 released with important security fix
- macOS Big Sur 11.6 released with two important security fixes
- Apple releases macOS Big Sur 11.5.1 with security fix
- Apple releases watchOS 7.6.1 with security fix that may have been actively exploited
- watchOS 7.4.1 released with fix for another WebKit security flaw
- Apple releases macOS Big Sur 11.3.1 with WebKit security fixes
- Apple releases watchOS 7.3.3 with security fix for WebKit flaw
- iOS 14.7 fixes Wi-Fi bug along with 30 other security vulnerabilities
- Apple seeds macOS Big Sur 11.2.3 update with WebKit security fixes
- watchOS 7.3.2 released with WebKit security fix
- Apple releases iOS 14.4.1 and iPadOS 14.4.1 with WebKit security fix
- iOS 14.4.2 and iPadOS 14.4.2 released with security fix that may have been exploited in the wild
- iOS 14.4 fixes security flaws that might have been actively exploited
- Apple releases iOS 12.5.5 for older iPhones and iPads with security fixes