iPhone 13 Pro Hacked, Tianfu Cup, China Hackers, iOS 15 jailbreak

Ever since the Chinese government invoked regulations to prevent security researchers from taking part in international hacking competitions such as Pwn2Own, the annual Tianfu Cup, held in Chengdu, has been the place for the best hackers in China to demonstrate their collective prowess.

This past weekend saw the latest competition take place and the newest iPhone, the iPhone 13 Pro running the latest and fully patched version of iOS 15.0.2 to be precise, was hacked in record time. Twice.

The Kunlun Lab team, whose CEO is a former CTO of Qihoo 360, was able to hack the iPhone 13 Pro live on stage using a remote code execution exploit of the mobile Safari web browser. And do so in just 15 seconds flat.

Of course, months of preparation were likely involved in getting to this point, but the result was devastating and devastatingly fast. However, full details of the vulnerability or vulnerabilities exploited have yet to be revealed.

Kunlun Lab wasn’t the only team to hack the iPhone 13 Pro, though. Team Pangu, which has a history of Apple device jailbreaking, cemented its reputation in this regard by claiming the top $300,000 cash reward for remotely jailbreaking a fully patched iPhone 13 Pro running iOS 15.

While, again, the full detail of how this was achieved has not been made public, reports suggest it involved a one-click link triggering a remote code exploit that bypassed Safari security mechanisms.

The good news is that hacking is not a crime, as I have repeated time and time again.

Indeed, these hacking teams will turn the details of their exploits over to Apple so that it can release patches for these vulnerabilities. I would expect to see these in either iOS 15.1 or a forthcoming iOS 15.0 security update.

The not so good news is that there have been reports in the past of Chinese state actors using some of these exploits for espionage or surveillance purposes before patches can be released.

It should also be said that Apple products weren’t the only target at the Tianfu Cup 2021 event. Security researchers also successfully launched exploits against Windows 10, Microsoft Exchange and Google Chrome, among others. I’ll bring you more news of those as detail emerges.

I have reached out to Apple for comment and will update this article in due course.

Follow me on Twitter or LinkedIn. Check out my website or some of my other work here.

Davey is a three-decade veteran technology journalist and has been a contributing editor at PC Pro magazine since the first issue in 1994. A co-founder of the Forbes Straight Talking Cyber video project, which has been named ‘Most Educational Content’ at the 2021 European Cybersecurity Blogger Awards, Davey also won the 2020 Security Serious ‘Cyber Writer of the Year’ title. A three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) I was also fortunate enough to be named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro called ‘Threats to the Internet.’ In 2011 I was honored with the Enigma Award for a lifetime contribution to IT security journalism. Contact me in confidence at davey@happygeek.com if you have a story to reveal or research to share.

Source: iPhone 13 Pro Hacked, Tianfu Cup, China Hackers, iOS 15 jailbreak..

.

Related Contents:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: