Loading a modified profile on iOS is dangerous

Sep 21, 2017 11:08 GMT

Even with iOS 11 just out of the gate, it looks like there is already a way to crash your iPhone, bypass the passcode, and get access to photos.

Each generation of iPhone and iOS has its problems, but they are usually patched quickly by Apple. Sometimes it’s a link that crashes iMessage and the entire device, or maybe a video that sends the processors into a death spiral.

These kinds of problems are not present just on iOS, to be sure. Android is just as likely to get malware, for example, and that’s the reason why developers work on their respective OSes all the time, to fix any of the issues.

The solution is simple, don’t open stuff

Sometimes it’s possible to receive a photo and get tricked in that way, but that’s harmless enough and somewhat understandable. On the other hand, the current hack is not as easy to get or to execute.

Crashing iOS 11 can be done through profiles, which can be loaded locally or from a link in the browser. If you choose to download one from the browser, you still have to run the profile and load it.

These kinds of profiles are used to grant users access to the Beta version of the OS, for example, or to allow users to install apps that are not available in the official store. If you open a third-party profile, you will notice a warning in red text that says it’s not signed.

After you install it, despite all the warnings, you will be forced to watch as page after page of fake apps is created. By the way, those fake apps can’t be uninstalled. The end result is iOS crashing.

What’s the name of the exploit, you ask?

The name is not all that attractive, as it’s called iXintpwn/YJSNPI. It’s basically a malicious profile that can be modified to be even worse. This is what the guys from EverythingApplePro did. Theirs can’t be uninstalled, and in some cases, it can even allow someone to bypass the lock screen and get into the pictures.

The idea is that if you receive a profile via a link or you see one on a website, don’t download it. Unless it’s signed, it’s very likely that you’ll get a malicious profile, and the user will end up reinstalling the OS with the help of iTunes.
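For anyone who has to vet a profile file before it reaches a device, here is a small triage script. It is an added example, not code from the article or from Apple, and it assumes (the article does not say so) that the fake app icons are delivered as Web Clip payloads; the function names, the threshold and the sample profiles are constructed for illustration.

```python
import plistlib

WEBCLIP = "com.apple.webClip.managed"  # Apple's payload type for home-screen Web Clips


def triage_profile(data: bytes, max_clips: int = 10) -> list:
    """Return human-readable warnings for the raw bytes of a .mobileconfig file."""
    # A signed profile is wrapped in a DER-encoded CMS container (first byte 0x30);
    # a file that begins as a plain property list carries no signature at all.
    if data[:1] == b"\x30":
        return ["signed container: check who the signer is before installing"]
    findings = ["unsigned profile"]
    try:
        profile = plistlib.loads(data)
    except Exception:
        return findings + ["not a parseable property list"]
    if not isinstance(profile, dict):
        return findings + ["top-level object is not a dictionary"]
    if profile.get("PayloadRemovalDisallowed") is True:
        findings.append("profile asks not to be removable")
    # PayloadContent is normally a list of payload dictionaries; ignore anything else.
    payloads = [p for p in (profile.get("PayloadContent") or []) if isinstance(p, dict)]
    clips = [p for p in payloads if p.get("PayloadType") == WEBCLIP]
    locked = [c for c in clips if c.get("IsRemovable") is False]
    if len(clips) > max_clips:  # assumed threshold, tune for your environment
        findings.append(f"{len(clips)} Web Clip icons in one profile")
    if locked:
        findings.append(f"{len(locked)} non-removable Web Clip icons")
    return findings


def build_sample(n_clips: int, removable: bool) -> bytes:
    """Build a constructed (not captured) unsigned profile for the demo."""
    clip = {"PayloadType": WEBCLIP, "Label": "Example",
            "URL": "https://example.invalid/", "IsRemovable": removable}
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadIdentifier": "invalid.example.demo",
                           "PayloadContent": [dict(clip) for _ in range(n_clips)]})


if __name__ == "__main__":
    for name, blob in [("flood", build_sample(40, False)), ("single", build_sample(1, True))]:
        print(name, triage_profile(blob))
```

A signed result only means a signature wrapper is present; the script does not validate the certificate chain, so the signer still has to be checked separately.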

You can see a demonstration below, but please keep in mind that you mustn’t download or install this profile.