iOS 10 beta1 - Apps can steal your Photos without permission and Some Coprocessor FW's not signed

Discussion in 'iOS 10' started by perfect_, Jul 4, 2016.

  1. perfect_ Suspended


    Feb 8, 2016

    We found some new vulnerabilities Apple system mechanism. Some coprocessor firmware protected and not signed, so we can through these vulnerabilities, configuration deformity code to control coprocessor. We are also there are no good methods of use can be achieved using the system level, such as escape.

    We also found a flaw Apple underlying data sharing mechanisms. If you take pictures with the Camera App, other Apps can actually access without your permission, app can extract the pictures you take in an instant from the memory, which is equivalent of directly stealing your photographs. This can cause serious privacy issues. We did a verification and found out that any app in the app store can achieve such function and also bypasses through AppStore validation.

    Of course, we finally showcased iOS 10 jailbreak."

  2. chestvrg macrumors 65816


    Dec 13, 2010
    Wow this is a serious vulnerability definitely, maybe in beta2 they'll fix this.
  3. iphonedude2008 macrumors 65816


    Nov 7, 2009
    Irvine, CA
    This sounds like a much bigger issue than just stealing selfies or blurry sunset pictures. It seems like apps can bypass sandboxing on RAM and access other data, potentially stealing browsing data and credit cards. The jailbreaking part of me wants this to remain open, but this issue is too frightening to be left unpatched so I can install random tweaks :)

Share This Page