
Comments (5)

LinusHenze commented on August 15, 2024

To 1: It's fixed in the master branch of WebKit. Apple has its own version of WebKit which is usually multiple releases behind the current one and they haven't yet integrated the fix (Apple wants to make sure that the version they ship is stable; usually the master branch contains many experimental and untested features). If you want Safari with the latest version of WebKit, you can download Safari Technology Preview, which contains a pretty recent version of WebKit (only available for macOS). WebKit ships as part of iOS and macOS, so an iOS/macOS update is required.

To 2: This is not specific to Safari but to any WebKit-based browser that also uses JavaScriptCore as its JavaScript engine.

To 3: Version r238267 fixes this.

To 4: I don't think so.

from webkit-regex-exploit.

(unnamed user) commented on August 15, 2024

Wow, that's horrifying. Good find. So I guess for now mitigation would just be to disable JS until it's patched.

Any reason why you posted the PoC before Apple was able to patch it? I am sure they are scrambling to fix it right now, as once someone is able to repurpose this for iOS (if they haven't already), they will be able to do a lot with it. RCE exploits like this for iOS sell for a lot on the black market.


LinusHenze commented on August 15, 2024

Just wanted to force Apple to patch it. Also, there is a bug report on the WebKit bug tracker, so everyone could have made a PoC; still, Apple didn't fix it in iOS 12.1.1/macOS 10.14.2 although the report was created on Nov. 15 (and the fix was integrated in WebKit the same day). (Ok, I found out about the bug report after I published this. However, the last time I submitted something to Apple they just silently patched it; that's probably part of the reason why I published the exploit without waiting for Apple to patch it.)


(unnamed user) commented on August 15, 2024

Ah, that makes sense. That's weird that they silently patched it and never gave you a proper response / bug bounty. Well, I guess you have their attention now, haha. I looked into it more and it still requires an additional kernel vulnerability to properly jailbreak a device, so it's not as dangerous as I first suspected. Apple has been having a lot of kernel CVEs recently though. iOS 12.1.1 fixed like 5 kernel vulnerabilities IIRC.

I would be mad too though if I reported a vulnerability and they silently patched it. They have been criticized a lot recently for their bug bounty programs, so it's not anything new.


LinusHenze commented on August 15, 2024

I'm closing this issue. If you have any questions, feel free to reopen it.

