Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
IOS Iphone

Developer Uses iOS 16 Exploit To Change System Font Without Jailbreak (9to5mac.com) 22

A developer managed to use an exploit found in iOS 16 to change the default font of the system without jailbreak. 9to5Mac reports: Zhuowei Zhang shared his project on Twitter, which he calls a "proof-of-concept app." According to Zhang, the app he developed uses the CVE-2022-46689 exploit to overwrite the default iOS font, so that users can customize the system's appearance with a different font other than the default (which is San Francisco). The CVE-2022-46689 exploit affects devices running iOS 16.1.2 or earlier versions of the operating system, and it basically lets apps execute arbitrary code with kernel privileges. The exploit was fixed with iOS 16.2, which also fixed a bunch of other security breaches found in the previous version of iOS.

Since iOS has its own font format, the developer performed the experiment using only a few fonts, including DejaVu Sans Condensed, Serif, Mono, and Choco Cooky. And in case you're wondering, Choco Cooky is the weird font that used to come pre-installed by default on Samsung smartphones. Now you can finally have it on your iPhone. Zhang explains that the process should be safe for everyone, since all changes are reversed after rebooting the device. Still, the developer recommends users trying out the app to back up their devices before replacing the default system font. He also details that the change only affects some of the text on iOS, as other parts of the system use different fonts.
More details about the project, including its source code, are available on GitHub.
This discussion has been archived. No new comments can be posted.

Developer Uses iOS 16 Exploit To Change System Font Without Jailbreak

Comments Filter:
  • Jailbreaks add huge functionality to iPhones. Fonts are just, well, fonts.

    Would be much more newsworthy if he could build something useful on this.
    • It was a privilege escalation but granting kernel privileges.... but for some reason instead of "security hole" negative messaging, we get "omg we can do things again" positive article
      • It was a privilege escalation but granting kernel privileges.... but for some reason instead of "security hole" negative messaging, we get "omg we can do things again" positive article

        Yeah it's funny with iPhones how those are mostly the same thing.

    • by DrXym ( 126579 )
      Yes and no. If you can trigger the OS to set an untrusted font into privileged processes, then perhaps you could develop it further exploits. e.g. if the font loading code was vulnerable to some kind of buffer overflow attack that a crafted font file could take advantage of. I'm sure that's exactly why Apple wanted to patch this before it could be developed into something more serious.
  • by imcdona ( 806563 ) on Tuesday December 27, 2022 @08:32PM (#63162652)
    This must be stopped. Users changing the system font to something more appealing to their taste without Apples express permission is a violation of all that is sacred.
    • You can change the font as simply as going to Settings > General > Fonts and change it to any 3rd party font you install.

    • by PPH ( 736903 )

      It's as if the voices of a million graphics designers cried out in terror and were suddenly silenced.

  • I wonder if this is simply a ram exploit that works on boot, but then after reboot it will vanish. This reminds me of tethered jailbreaks from back in the day.
  • Changing the font was demonstrating privileged code execution. It wasn't some font bug in particular. Kids these days!
  • The facts... (Score:4, Interesting)

    by gnasher719 ( 869701 ) on Wednesday December 28, 2022 @05:38AM (#63163200)
    It's based on an exploit published by Apple and fixed in iOS 16.2. And what it does is something that the end user always could do by going into Settings. It goes away after restarting your phone.

    So worst case it is a prank that is easily fixed.

C'est magnifique, mais ce n'est pas l'Informatique. -- Bosquet [on seeing the IBM 4341]

Working...