JavaScriptCore Safari exploit released for iOS 13 Beta 3 and below

Luca Todesco, the developer behind the Yalu jailbreak, yesterday demonstrated a Safari proof-of-concept exploit for iOS 13 Beta 3. Check out the full exploit below.

Luca Todesco demonstrates iOS 13 Safari bug

Once again, famed developer Luca Todesco has successfully pwned Apple’s latest operating system while it’s still in the beta development stage.

This time around, it’s Safari’s WebKit engine that has been exploited by the young hacker.                           

According to Todesco, this exploit is based on the “Structure::create should call didBecomePrototype()” WebKit bug.

You can access the proof-of-concept webpage at rce.party/wtf.html if you have a compatible Apple device running iOS 13 beta 3 firmware or below.

Since the exploit is based on WebKit, you must use the stock Safari web browser app.    

Amy of RET2 Systems wrote a full-blown exploit for iOS 12.3.1 based on Luca’s proof-of-concept.

The security researcher also uploaded a video on her Twitter account demonstrating SOP (Same Origin Policy) bypass via arbitrary read/write.

Compatibility 

Luca has confirmed that this exploit is fully functional on iOS 13 Beta 2 firmware.

Some users who opened the aforementioned webpage via Safari also confirmed that the exploit is working just as expected on iOS 13 Beta 3 and below.


However, we couldn’t get it to work on a device running iOS 12.1.3 even after multiple attempts.       

Where does this leave us?

Unfortunately, developers will not burn a functional exploit on an outdated version such as iOS 12.1.3 or 12.2.

In spite of that, developers are making good progress, which could result in a full-blown jailbreak within a few months of iOS 13’s public release.

Using Luca’s exploit, renowned hacker Ben Sparkes has also achieved root shell access on iOS 13 Beta 3.       

Furthermore, it’s highly unlikely that Apple will patch a private exploit that’s still in the hands of hackers. So, staying on the lowest firmware, although recommended, will likely yield no dividends at all.

Which iOS version are you going to stay on? Leave your replies below.         
