Linus Henze releases Safari-centric exploit targeting iOS 12.1 Jailbreak

Fortunately, that’s not the only iOS 12-centric vulnerability floating around in the wild these days. A Safari-based exploit targeting iOS 12.1 and below (and macOS 10.14.1 and below) was also released this week by iOS tinkerer Linus Henze.

This exploit could, in principle, be used toward an iOS 12 – iOS 12.1 jailbreak, though that’s only on paper. Someone still has to do the heavy lifting of actually building a jailbreak around it. And since this is a Safari (WebKit) exploit, it could only be used to create a Safari-based jailbreak; on its own it gives code execution inside Safari’s sandboxed content process, so a complete jailbreak would additionally need a sandbox escape and a kernel exploit.

Want a free Safari 0day? (Ok, it’s actually a 1day because it’s fixed in the latest WebKit version, but it still works in the latest version of Safari) Then go to https://t.co/CD9IwHUQP8

Please don’t do evil stuff with this.
— Linus Henze (@LinusHenze) December 6, 2018

The underlying bug is an optimization error in the way JavaScriptCore’s JIT handles RegEx matching. By setting lastIndex on a RegEx object to a JavaScript object that defines a toString function, you can run arbitrary code in the middle of a match, even though the JIT treats RegEx matching as side-effect free. Code that runs inside an operation the compiler assumed to be pure can invalidate assumptions (object types, array layouts) that the compiled code continues to rely on.
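To make the mechanism concrete, here is an added illustration of the JavaScript semantics being abused; it is not code from the original post or from Linus Henze’s exploit, and it contains no JIT trigger. It simply shows that on a global regex, RegExp.prototype.exec reads lastIndex and coerces it with ToLength, which invokes a user-defined toString, so unrelated state (the constructed `victim` array) can change while the match is in progress. The function names and sample input are assumptions made for this example.

```javascript
// Added example (not from the original post or from the exploit): arbitrary
// JavaScript runs inside RegExp.prototype.exec when lastIndex is an object.
// On a global or sticky regex, exec() reads lastIndex and applies ToLength,
// which goes through ToPrimitive and therefore calls valueOf/toString.
function matchWithCallbackLastIndex(input) {
  const re = /a/g;
  const events = [];
  // Unrelated state a compiler might believe it has already type-checked
  // (constructed sample: an array holding only doubles).
  const victim = [1.1, 2.2, 3.3];

  re.lastIndex = {
    toString() {
      events.push('toString ran inside exec');
      // Mutate state that an engine assuming exec() is pure would not re-check:
      // the array now holds an object instead of a double.
      victim.length = 0;
      victim.push({ tag: 'object' });
      return '0'; // ToNumber('0') -> 0, so matching starts at offset 0
    },
  };

  const m = re.exec(input);
  return {
    matched: m !== null,
    index: m ? m.index : -1,
    lastIndexAfter: re.lastIndex, // exec() advances lastIndex past the match
    events,
    victimType: typeof victim[0],
  };
}

// Contrast: a primitive lastIndex runs no user code during the match.
function matchWithNumericLastIndex(input) {
  const re = /a/g;
  re.lastIndex = 0;
  const m = re.exec(input);
  return {
    matched: m !== null,
    index: m ? m.index : -1,
    lastIndexAfter: re.lastIndex,
  };
}

console.log(matchWithCallbackLastIndex('banana'));
console.log(matchWithNumericLastIndex('banana'));
```

Running this in any spec-compliant engine (Node.js included) shows the callback firing once per exec() call; defining valueOf instead of toString works just as well, since ToPrimitive with a number hint tries valueOf first. The general lesson for anyone auditing a JIT is that every spec step that can reach user code (property getters, coercions, Symbol hooks) is a point where the compiler’s side-effect model must be conservative, or the compiled code keeps trusting types that no longer hold.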

KeenLab was one of the first security firms to demonstrate that an iOS 12 jailbreak was possible, but it was never released and kept internally for testing purposes.

Given the circumstances, we don’t recommend upgrading to iOS 12 if you’re already jailbroken. If you’re not jailbroken, and you’re waiting to jailbreak, then you should stay on the lowest firmware possible.
