Linus Henze releases Safari-centric exploit targeting iOS 12.1 and earlier

It was only a few days ago that we learned about a sandbox escape PoC for iOS 12.0-12.0.1, and while it was just a proof of concept, there’s always the potential that a talented hacker could make use of it for future endeavors; perhaps even jailbreak development.

Fortunately, that’s not the only iOS 12-centric vulnerability floating around in the wild these days. As it would seem, a Safari-based exploit targeting iOS 12.1 and below (and macOS 10.14.1 and below) was also released this week by iOS tinkerer Linus Henze.

In one of his tweets, Henze noted that the exploit was once considered a ‘0-day,’ but because it’s already patched in the latest WebKit sources, he calls it a 1-day exploit instead.

Some additional digging into the matter reveals that the exploit is intended for Safari on both the iOS and macOS platforms, but needs some additional tweaking to work properly on iOS. But according to the GitHub page’s to-do list, it seems that Henze might have plans to improve support for iOS in a future update.

“This is currently only patched in the WebKit sources and works with the latest version of Safari (macOS and iOS, although this needs to be updated in order to work with iOS),” Henze noted on his official GitHub repository. “Please don’t do evil stuff with this; and if you’re a normal user, this will be useless for you.”

Curious about how the exploit works? Henze explains it best:

“This is an optimization error in the way RegEx matching is handled. By setting lastIndex on a RegEx object to a JavaScript object which has the function toString defined, you can run code although the JIT thinks that RegEx matching is side-effect free,” he said. “Exploitation is pretty similar to @5aelo’s exploit for CVE-2018-4233, which can be found here.”
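To make the quoted description concrete, here is a small added example (it is not code from Henze’s repository, and it contains none of the exploit) that only shows the language behaviour behind the bug: when `exec()` reads `lastIndex`, the spec converts it with `ToLength()`, which calls a user-defined `valueOf()`/`toString()` if the value is an object. That callback is arbitrary JavaScript running in the middle of a regex match, which is exactly the “side effect” the JIT wrongly assumed could not happen. The helper names are hypothetical.

```javascript
// Added example: demonstrates that RegExp matching is NOT side-effect free,
// because reading lastIndex goes through ToLength(), which can invoke
// user-defined toString()/valueOf(). This is plain language semantics, not
// exploit code.

// Hypothetical helper: run a global-flag regex whose lastIndex is an object
// with a custom toString(), and record what the engine does during exec().
function lastIndexSideEffects(pattern, input) {
  const re = new RegExp(pattern, "g"); // "g": exec() starts matching at lastIndex
  const shared = { touched: false };    // unrelated state the callback mutates
  const calls = [];

  re.lastIndex = {
    toString() {
      calls.push("toString");           // this runs *during* re.exec()
      shared.touched = true;            // a side effect visible to later code
      return "0";                       // ToLength("0") === 0, so matching starts at 0
    },
  };

  const match = re.exec(input);
  return {
    callbacks: calls.length,            // how many times the engine read lastIndex
    matched: match !== null,
    matchIndex: match ? match.index : -1,
    lastIndexAfter: re.lastIndex,       // engine writes a plain number back after a match
    sideEffectSeen: shared.touched,     // true: the match operation changed other state
  };
}

// ToPrimitive with hint "number" tries valueOf() before toString(), so an
// object defining both only has valueOf() consulted.
function valueOfIsPreferred(input) {
  const re = /a/g;
  const order = [];
  re.lastIndex = {
    valueOf() { order.push("valueOf"); return 0; },
    toString() { order.push("toString"); return "0"; },
  };
  re.exec(input);
  return order;
}

// Constructed sample input for a stand-alone run.
console.log(lastIndexSideEffects("abc", "xabcx"));
console.log(valueOfIsPreferred("a"));
```

The point for anyone reviewing JIT or engine code is that any operation which performs a property read on a user-controllable object (here `lastIndex`) must be modelled as effectful; the fix in WebKit is in that direction, which is why Henze calls the bug a 1-day.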

While it’s all well and good that we have new security vulnerabilities and software exploits at our fingertips, that doesn’t mean that an iOS 12 jailbreak will materialize for the public anytime soon. KeenLab was one of the first security firms to demonstrate that an iOS 12 jailbreak was possible, but it was never released and was kept internally for testing purposes.

Given the circumstances, we don’t recommend upgrading to iOS 12 if you’re already jailbroken. If you’re not jailbroken, and you’re waiting to jailbreak, then you should stay on the lowest firmware possible.

What are your thoughts about all these recent exploits? Let us know in the comments section below.