Comments (5)
To 1: It's fixed in the master branch of WebKit. Apple has its own version of WebKit which is usually multiple releases behind the current one and they haven't yet integrated the fix (Apple wants to make sure that the version they ship is stable; usually the master branch contains many experimental and untested features). If you want Safari with the latest version of WebKit, you can download Safari Technology Preview, which contains a pretty recent version of WebKit (only available for macOS). WebKit ships as part of iOS and macOS, so an iOS/macOS update is required.
To 2: This is not specific to Safari but to any WebKit-based browser that also uses JavaScriptCore as its JavaScript engine.
To 3: Version r238267 fixes this.
To 4: I don't think so.
from webkit-regex-exploit.
Wow, that's horrifying. Good find. So I guess for now the mitigation would just be to disable JS until it's patched.
Any reason why you posted the PoC before Apple was able to patch it? I am sure they are scrambling to fix it right now, as once someone is able to repurpose this for iOS (if they haven't already), they will be able to do a lot with it. RCE exploits like this for iOS sell for a lot on the black market.
Just wanted to force Apple to patch it. Also, there is a bug report on the WebKit bug tracker, so everyone could have made a PoC; still, Apple didn't fix it in iOS 12.1.1/macOS 10.14.2 although the report was created on Nov. 15 (and the fix was integrated in WebKit the same day). (Ok, I found out about the bug report after I published this. However, the last time I submitted something to Apple they just silently patched it; that's probably part of the reason why I published the exploit without waiting for Apple to patch it.)
Ah, that makes sense. That's weird that they silently patched it and never gave you a proper response / bug bounty. Well, I guess you have their attention now haha. I looked into it more and it still requires an additional kernel vulnerability to properly jailbreak a device, so it's not as dangerous as I first suspected. Apple has been having a lot of kernel CVEs recently though. iOS 12.1.1 fixed like 5 kernel vulnerabilities IIRC.
I would be mad too though if I reported a vulnerability and they silently patched it. They have been criticized a lot recently for their bug bounty programs, so it's not anything new.
I'm closing this issue. If you have any questions, feel free to reopen it.