For informational purposes only

According to the seller, the attack chain includes WebKit JIT vulnerabilities, a sandbox escape, and privilege escalation, providing full access to the /var/mobile directory and the ability to extract photos and videos, SMS/iMessage databases, call history, as well as Keychain contents in plaintext. The exploit's stability is 95% on clean installations, with PAC/PPL protection bypass included.

Type of vulnerability: RCE via iMessage/Safari (JavaScript engine)
Affected versions: 26.4.1 (A12–A19 Bionic/ARM64e)
Price (exclusive): $17K
Price (non‑exclusive): from $900 to $3K

💬 Discuss

Sale of a 0‑day exploit for iOS