A security researcher named Linus Henze has released an exploit that he found in the Safari web browser for the iOS and macOS operating systems. Apple has already patched the exploit in iOS 12.1.1, so it is only valid on devices running iOS 12.1 or an older version of iOS.
Theoretically, this Safari exploit can be used to develop an iOS 12 – iOS 12.1 jailbreak for iPhone, iPad, and iPod Touch devices. Someone has to do some polishing, hacking and developing to make use of this exploit to come up with an iOS 12.1 jailbreak. Since this exploit is found in the Safari browser, it can only be used to develop a Safari-based jailbreak (a userland jailbreak).
Here is an explanation from Linus Henze on the exploit:
This is an optimization error in the way RegEx matching is handled. By setting lastIndex on a RegEx object to a JavaScript object which has the function toString defined, you can run code although the JIT thinks that RegEx matching is side effect free.
Want a free Safari 0day? (Ok, it's actually a 1day because it's fixed in the latest WebKit version, but it still works in the latest version of Safari) Then go to https://t.co/CD9IwHUQP8
Please don't do evil stuff with this.
— Linus Henze (@LinusHenze) December 6, 2018
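The language behaviour that the explanation above relies on can be observed in any JavaScript engine. The following is an added example, not code from Linus Henze's exploit or from the original post. It shows only that RegExp matching coerces `lastIndex` and therefore calls a user-defined `toString`. The function names and sample string are constructed for illustration.

```javascript
// Added illustration (constructed): RegExp matching reads `lastIndex` through a
// numeric coercion, so an object stored there gets its toString() called.

// Runs one match with an object as lastIndex and records what gets called.
function traceLastIndexCoercion() {
  const calls = [];
  const sharedState = { length: 4 };    // state a caller might assume matching never touches

  const re = /a/g;                      // global flag: exec() starts searching at lastIndex
  re.lastIndex = {                      // stored as-is; no coercion happens on assignment
    toString() {
      calls.push("toString");
      sharedState.length = 0;           // observable side effect during the match
      return "2";                       // coerced to the number 2
    },
  };

  const match = re.exec("a_a_a");       // the coercion of lastIndex runs toString() here
  return {
    calls,
    matchIndex: match.index,            // search started at index 2
    lastIndexAfter: re.lastIndex,       // engine writes back a plain number
    stateLength: sharedState.length,
  };
}

// Control case: a primitive lastIndex involves no user code at all.
function tracePrimitiveLastIndex() {
  const re = /a/g;
  re.lastIndex = 2;
  const match = re.exec("a_a_a");
  return { matchIndex: match.index, lastIndexAfter: re.lastIndex };
}

console.log(traceLastIndexCoercion());
console.log(tracePrimitiveLastIndex());
```

Both cases match at the same position; the difference is that the first one ran caller-supplied code in the middle of the match, which is why an optimizer cannot treat RegExp matching as free of side effects unless it knows `lastIndex` holds a primitive.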
Earlier this week, another exploit was found inside of the iOS framework that may potentially lead to an iOS 12 jailbreak. However, it remains to be seen whether someone from the hacking community is willing to put in the effort to come up with a publicly consumable jailbreak tool that makes use of these newly found exploits.
If you have been waiting to jailbreak your iOS device, you should avoid updating to iOS 12.1.1. If you have already upgraded to the latest version, you should follow a downgrade guide right away.
The post A Safari-based Exploit Raises Hopes for an iOS 12 Jailbreak appeared first on iPhoneHeat.