A new zero-day vulnerability found on iOS and iPadOS that support Apple devices, after the serious vulnerability identified in their mail application iPhone.
ΠIn particular, the new vulnerability affects devices with iOS 13.4.1 and the bug was detected by a Swedish hacker, named Siguza.
According to Siguza, the personal data of iPhone users can be stolen through a bug that appears in the reading of XML files. This bug allows attackers to bypass certain security checks before posting an application in the AppStore. Later applications have unlimited rights.
RIP my very first 0day and absolute best sandbox escape ever:
application-identifier
…
platform-application
com .apple.private.security.no-container
task_for_pid-allow- Siguza (@ s1guza) April 29, 2020
Practically through this vulnerability, malicious users can carry out any type of attack. Siguza states that this bug will definitely be solved with the advent of iOS 13.5.
[the_ad_group id = ”966 ″]