In case you weren’t already aware, there was a Safari-based remote code execution (RCE) bug in the wild that Apple patched in a rapid security update for iOS & iPadOS 16.5.1 dubbed CVE-2023-37450, and ENKI WhiteHat is credited with the original proof of concept (PoC) showcasing the bug. But what if we told you someone made an exploit out of it? Interestingly enough, that seems to be exactly what has happened.
In a post shared to social media platform X (formerly Twitter), South Korean security researcher @wh1te4ever shared a link to a 1day remote code execution exploit based on this proof of concept that they call WebKit Bug 256172 and subsequently provided a demonstration video showcasing the bug at work.
The demonstration video, embedded above for your viewing pleasure, showcases @wh1te4ever opening a Safari window, clicking on a shortcut to a special web page, and then clicking on a bland “pwn” button to execute the exploit. A secondary Console window shows stage 1 of the exploit being loaded successfully in the log.
As noted on the project’s GitHub page, WebKit Bug 256172 is likely patched in the rapid security update for iOS & iPadOS 16.5.1 and macOS 13.4.1, but it has been tested and confirmed working on devices running iOS & iPadOS 15.8.2 and macOS 13.3.1.
Another thing worth noting is that this is a 1day exploit. While the more coveted 0day exploit targets a vulnerability the device and software manufacturer knows nothing about at the time of release, a 1day exploit instead leverages a vulnerability that has already been publicly disclosed.
While neat, the big question everyone is undoubtedly asking is whether this will result in a jailbreak for iPhones and iPads, and while we wish we had better news, the likely answer is no. That’s because we already have the Dopamine jailbreak for these firmware versions, so developing a second jailbreak would be both redundant and wasteful of time and resources.
An exploit for newer firmware that Dopamine doesn’t support would be even cooler, but then hackers would need to come out with a newer PPL or SPTM bypass, which doesn’t yet exist at the time of this writing. With that in mind, a mere exploit wouldn’t be enough for jailbreak developers to create a tool for end users right now – we’d still need more.
In any case, it’s cool to see security researchers doing things with known vulnerabilities. As more and more of these become disclosed, we may start to see exploits for even newer versions of iOS & iPadOS, much like the SparseRestore exploit, which can be used on much newer firmware than what’s currently jailbreakable with Dopamine to do things like install the TrollStore perma-signing utility on iOS & iPadOS 17.0 and older and to allow hacks on iOS & iPadOS 18.1 beta 5 and older.
Are you interested to see what comes next in the iPhone & iPad hacking community? If so, then keep it tuned to iDB as we continue monitoring new developments in this space.