Developer Uses iOS 16 Exploit To Change System Font Without Jailbreak

A developer managed to use an exploit found in iOS 16 to change the default font of the system without jailbreak. 9to5Mac reports: Zhuowei Zhang shared his project on Twitter, which he calls a "proof-of-concept app." According to Zhang, the app he developed uses the CVE-2022-46689 exploit to overwrite the default iOS font, so that users can customize the system's appearance with a different font other than the default (which is San Francisco). The CVE-2022-46689 exploit affects devices running iOS 16.1.2 or earlier versions of the operating system, and it basically lets apps execute arbitrary code with kernel privileges. The exploit was fixed with iOS 16.2, which also fixed a bunch of other security breaches found in the previous version of iOS.

Since iOS has its own font format, the developer performed the experiment using only a few fonts, including DejaVu Sans Condensed, Serif, Mono, and Choco Cooky. And in case you're wondering, Choco Cooky is the weird font that used to come pre-installed by default on Samsung smartphones. Now you can finally have it on your iPhone. Zhang explains that the process should be safe for everyone, since all changes are reversed after rebooting the device. Still, the developer recommends users trying out the app to back up their devices before replacing the default system font. He also details that the change only affects some of the text on iOS, as other parts of the system use different fonts. More details about the project, including its source code, are available on GitHub.

Re:

[WankerWeasel]

You don't have to. You can install 3rd party fonts and then you simply to go settings to change it.

Settings > General > Fonts

Re: pathetic

[immanentize]

How thorough is the font setting though? I always remember there being 'fonts' but they only worked in word processing apps - not like the system dialogs and UI stuff.

Who cares if it not a jailbreak?

[Kernel Kurtz]

Jailbreaks add huge functionality to iPhones. Fonts are just, well, fonts.

Would be much more newsworthy if he could build something useful on this.

Re: Who cares if it not a jailbreak?

[SleepingEye]

It was a privilege escalation but granting kernel privileges.... but for some reason instead of "security hole" negative messaging, we get "omg we can do things again" positive article

Re:

[Kernel Kurtz]

It was a privilege escalation but granting kernel privileges.... but for some reason instead of "security hole" negative messaging, we get "omg we can do things again" positive article

Yeah it's funny with iPhones how those are mostly the same thing.

Re:

[Kernel Kurtz]

The iPhone isn't what you want, stop trying to fuck it up for the people happy with it.

If you are happy with it, what other people do really shouldn't matter. I can only assume since the biggest detractors of sideloading and 3rd party app stores are Apple fans that you must assume all your fellow iPhone users are too stupid to handle it. You may even be right.

Re:

[DrXym]

Yes and no. If you can trigger the OS to set an untrusted font into privileged processes, then perhaps you could develop it further exploits. e.g. if the font loading code was vulnerable to some kind of buffer overflow attack that a crafted font file could take advantage of. I'm sure that's exactly why Apple wanted to patch this before it could be developed into something more serious.

Ohh the horror!

[imcdona]

This must be stopped. Users changing the system font to something more appealing to their taste without Apples express permission is a violation of all that is sacred.

Re:

[WankerWeasel]

You can change the font as simply as going to Settings > General > Fonts and change it to any 3rd party font you install.

Re:

[PPH]

It's as if the voices of a million graphics designers cried out in terror and were suddenly silenced.

Re:

[WankerWeasel]

It's always used their own default font in iOS but you can change it to any font you'd like to install from a 3rd party. Just go to Settings > General > Font

For what it's worth, SF Pro (the default system font), is great. It's specially made with mobile in mind. Most don't bother to change their fonts, despite being able to do so for years.

Re:

[ArchieBunker]

I’m not a fan of the now enormous time that’s displayed on the lock screen.

Re:

[WankerWeasel]

You don't have to change the font to adjust that. You can customize the Lock Screen in many ways, including decreasing the size of the time or even getting rid of it, if it bothers you.

Re:

[oogoliegoogolie]

Many people are not fans of the "rearranging furniture" UI changes in IOS16.

Ram exploit

[Wires Computing]

I wonder if this is simply a ram exploit that works on boot, but then after reboot it will vanish. This reminds me of tethered jailbreaks from back in the day.

This wasn't really about the font

[aldousd666]

Changing the font was demonstrating privileged code execution. It wasn't some font bug in particular. Kids these days!

Hack to change Fonts? Nice. ...Comic Sans?!?? ....

[Qbertino]

Deploy Corporate Killsquad!

The facts...

[gnasher719]

It's based on an exploit published by Apple and fixed in iOS 16.2. And what it does is something that the end user always could do by going into Settings. It goes away after restarting your phone.

So worst case it is a prank that is easily fixed.