Linus Henze releases Safari-centric exploit targeting iOS 12.1 and earlier

It was solely a few days agone that nosotros learned well-nigh a sandbox escape PoC for iOS 12.0-12.0.1, together with spell it was only a proof of concept, there’s ever the potential that a talented hacker could brand job of it for time to come endeavors; peradventure fifty-fifty jailbreak development.

Fortunately, that’s non the solely iOS 12-centric vulnerability floating approximately inwards the wild these days. As it would seem, a Safari-based exploit targeting iOS 12.1 together with below (and macOS 10.14.1 together with below) was too released this calendar week yesteryear iOS tinkerer Linus Henze.

Citing one of Henze’s Tweets, the exploit was in 1 lawsuit considered a ‘0-day,’ but because it’s patched inwards the latest WebKit version, he calls it a 1-day exploit instead:

Some additional earthworks into the affair reveals that the exploit is intended for Safari on both the iOS together with macOS platforms, but needs some additional tweaking to function properly on iOS. But according to the GitHub page’s to-do list, it seems that Henze mightiness accept plans to amend back upward for iOS inwards a time to come update.

”This is currently solely patched inwards the WebKit sources together with industrial plant amongst the latest version of Safari (macOS together with iOS, although this needs to live updated inwards social club to function amongst iOS),” Henze noted on his official GitHub repository. “Please don’t produce evil stuff amongst this; together with if you’re a normal user, this volition live useless for you.”

Curious well-nigh how the exploit works? Henze explains it best:

“This is an optimization mistake inwards the trend RegEx matching is handled. By setting lastIndex on a RegEx object to a JavaScript object which has the component division toString defined, y'all tin flaming run code although the JIT thinks that RegEx matching is side-effect free,” he said. “Exploitation is pretty like to @5aelo’s exploit for CVE-2018-4233, which tin flaming live flora here.”

While it’s all practiced together with fun that nosotros accept novel safety vulnerabilities together with software exploits at our fingertips, that doesn’t hateful that an iOS 12 jailbreak volition materialize for Earth anytime soon. KeenLab was 1 of the kickoff security firms to demonstrate that an iOS 12 jailbreak was possible, but it was never released together with kept internally for testing purposes.

Given the circumstances, nosotros don’t recommend upgrading to iOS 12 if you’re already jailbroken. If you’re non jailbroken, together with you’re waiting to jailbreak, together with then you should remain on the lowest firmware possible.

What are your thoughts well-nigh all these recent exploits? Let us know inwards the comments department below.

Share this post