It was only a few days ago that we learned about a sandbox escape PoC for iOS 12.0-12.0.1, and while it was just a proof of concept, there's always the potential that a talented hacker could make use of it for future endeavors, perhaps even jailbreak development.
As it happens, that's not the only iOS 12-centric vulnerability floating around in the wild these days. A Safari-based exploit targeting iOS 12.1 and below (and macOS 10.14.1 and below) was also released this week by iOS tinkerer Linus Henze.

Citing one of Henze's tweets, the exploit was once considered a '0-day,' but because the bug is already fixed in the WebKit source tree (even though that fix has not yet shipped in a Safari release), he calls it a 1-day exploit instead.
Some additional digging into the matter reveals that the exploit is intended for Safari on both the iOS and macOS platforms, but needs some additional tweaking to work properly on iOS. According to the to-do list on the GitHub page, it seems that Henze might have plans to improve support for iOS in a future update.

"This is currently only patched in the WebKit sources and works with the latest version of Safari (macOS and iOS, although this needs to be updated in order to work with iOS)," Henze noted on his GitHub repository. "Please don't do evil stuff with this; and if you're a normal user, this will be useless for you."
Curious about how the exploit works? Henze explains it best:
"This is an optimization error in the way RegEx matching is handled. By setting lastIndex on a RegEx object to a JavaScript object which has the function toString defined, you can run code although the JIT thinks that RegEx matching is side-effect free," he said. "Exploitation is pretty similar to @5aelo's exploit for CVE-2018-4233, which can be found here."
While it's all good and fun that we have new security vulnerabilities and software exploits at our fingertips, that doesn't mean that an iOS 12 jailbreak will materialize for the public anytime soon. KeenLab was one of the first security firms to demonstrate that an iOS 12 jailbreak was possible, but it was never released and was kept internally for testing purposes.
Given the circumstances, we don't recommend upgrading to iOS 12 if you're already jailbroken. If you're not jailbroken, and you're waiting to jailbreak, then you should stay on the lowest firmware possible.
What are your thoughts about all these recent exploits? Let us know in the comments section below.