WebKit-RegEx-Exploit can lead to a remote Safari jailbreak for iOS 12

WebKit-RegEx-Exploit, which was released a few days back, could possibly be used to develop an iOS 12 jailbreak. Here’s all you need to know about this latest development. 

Safari exploit for iOS 12.1 and below released  

On December 6, Apple hacker Linus Henze made public WebKit-RegEx-Exploit – a 0-day exploit for iOS 12.1 and below.     

Although this exploit is fixed in the latest version of the WebKit engine, it still works on mobile Safari’s latest version.

Despite Apple’s stringent security measures, there’s not a single iteration of iOS 12 that isn’t vulnerable. Further, all versions since macOS 10.14.0 are vulnerable as well.

Interestingly, the WebKit-RegEx-Exploit also works on iOS 12.1.1 – the latest stable firmware version of iOS 12. However, it’s effectively useless because iOS doesn’t support shellcode loading out-of-the-box.

Implementing shellcode is not an easy task by any means. Nevertheless, Linus, an accomplished hacker from Germany, is confident that he can build shellcode loading into iOS at a later stage.   

iOS 12 jailbreak progress so far

Renowned whitehat security researcher Min Zheng has confirmed that this exploit could be used to develop a remote jailbreak.

For those who aren’t familiar with hacker jargon, a remote jailbreak or an “RJB” is one that can be used to hack a device over the air through Safari. 

Fortunately, things are picking up in the jailbreak community – all thanks to hackers like Linus Henze and Ian Beer. WebKit-RegEx-Exploit for Safari, though useful, can’t lead to a full-blown jailbreak unaccompanied by other vulnerabilities and exploits. 

We still require a powerful kernel exploit that can put a real dent in iOS 12’s security infrastructure.   

If you are still on iOS 11.4 (final) or above, upgrade your Apple device to iOS 12.1 if you haven’t already.

The first beta update of iOS 12.1.2 will go public sometime during the next week, and chances are high that Apple will stop signing iOS 12.1 for all compatible devices. 

13 Comments

  1. confused December 13, 2018
    • Gian December 14, 2018
  2. Joatan December 13, 2018
    • Gian December 14, 2018
  3. Karim December 11, 2018
    • Gian December 14, 2018
  4. Karim December 10, 2018
    • Gian December 11, 2018
  5. Karim December 10, 2018
  6. Fauno December 10, 2018
    • Gian December 11, 2018
  7. Aaron December 9, 2018
    • Gian December 11, 2018

Leave a Reply

Share34
Tweet