iOS 16 Exploit Lets You Change Your iPhone's Font System-Wide

[klasma]

If the exploit can change a protected system wide setting, bet it can be used for more nefarious things as well like deleting or editing protected system files.

More specifically, this app is using exploit CVE-2022-46689 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-46689), which allows to execute arbitrary code with kernel privileges. However, the tool is published as open-source code (https://github.com/zhuowei/WDBFontOverwrite), so everyone can check what it actually does.

The tool is just a public proof-of-concept project for how to exploit this CVE. People are making a mountain out of a molehill in this thread.

 

[addamas]

Brings back memories of good old Cydia Times ❤️

 

[jonnysods]

Whoever picks comic sans as their system default needs to get pushed over onto the ground.

 

[IIGS User]

A futile maneuver.

We will proceed to Sector Zero Zero One where you will be assimilated.

Wingdings here I come!

You beat me by 27 minutes. For a IIGS user, that is an eternity.


I'm sticking with the half aers Star Trek TNG references here. Hope they're not too obscure.

 

[ThunderSkunk]

who asked for this? genuine question

I did. Other designers did. Does knowing an anonymous name asked Apple for a feature it isn’t giving us help you get through your day?

 

[citysnaps]

who asked for this? genuine question

Nobody that I'm aware of. Is that important? Would a name be useful information?

Nice that option is available.

 

[dk001]

Can’t believe all the Negative Nancies here and trying to tell MR not to post stuff like this.
You want a baby-sitter for your device? Really?

 

[No5tromo]

Unbelievable! iOS 16 has been extremely stable and robust so far! *dramatic shocking and confused sounds*

 

[coffeemilktea]

Comic Sans as the system font? Multiple Apple designers are surely having a fit right now 🤣

 

[Pianoplayah]

i read that comic sans is actually very good for people with dyslexia. Can anyone with dyslexia confirm? Apple should actually let you change the font for accessibility reasons, which they claim to care a lot about.

 

[Razorpit]

Be careful about installing a 3rd party IPA file. The developer gets full access to your phone!

But Zhuowei Zhang sounds like an honest person.
…
…
…
…
🤣

 

[rungxanh2901]

Already old news. Besides, what's the point of this post if the latest is 16.2, while 16.1.2 and earlier releases are now unsigned?

 

[Shirasaki]

Heavily advised to …16.2?? Strongly, surely?!

Macrumours simply cannot say otherwise or they are promoting using older version of iOS, which is fiercely opposed by Apple. User decision on the other hand, is not their business.
Yes, I know there are security concerns etc etc but I don't just look at that angle.

 

[ThunderSkunk]

or they are promoting using older version of iOS, which is fiercely opposed by Apple

Funny that for all Apple’s talk of how super important to always keep your devices up to date (bc of security), I’ve got three devices on a shelf behind me which are among the millions that Apple had decided no longer need any security updates at all.

 

[H2SO4]

Same person who was really upset when Apple allowed you to change your wallpaper on your iPhone. /s

Doesn't surprise me for a second and probably true too.

Apple are slowly adding stuuf. What I can't get my head around is those that don't want you to have 'X' feature even though;
a). You having it doesn't affect them.
b). They don't have to have it themselves.

 

[roar08]

What could go wrong?

 

[lkrupp]

Being able to make simple customisations like this is partly why Android is so wholly dominant worldwide outside of USA, but I wouldn't endorse downloading something that exploits a security loophole in order to customize your iPhone. The whole idea seems sketchy as eff.

Err, umm, ahh, no, not even partly responsible. The only reason Android is dominate is because of price. The vast, vast, majority of Android devices sold are in the sub $300 range, a market Apple has steadfastly stayed out of. Apple completely dominates the premium market worldwide and that’s a fact. Samsung doesn’t even come close and Pixel is a rounding error. You should know that.

 

[lkrupp]

Already old news. Besides, what's the point of this post if the latest is 16.2, while 16.1.2 and earlier releases are now unsigned?

Yes, and I’m really disappointed that MacRumors chose to publish this article as some kind of customer service advice and then strongly advise users to upgrade to iOS 16.2 in the very last paragraph. I wonder if MacRumors would be legally liable for any damages caused to users who act on this.

 

[Unity451]

Sweet comic sans here I come!

Beat me to it.

 

[iManilaEnvelope]

Everyone suddenly becomes a class action consumer protection/trade law attorney over a post with the word “exploit” in the title. Cue the uninformed outrage MacRumors could be designated by the Justice Department as the world’s first material supporter of aesthetic cybercrime and the Axis of Wingdings.

An exploit (from the English verb to exploit, meaning "to use something to one’s own advantage") is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic…

 

[cnnyy20p]

SF Pro the best. 👍 The masterpiece of neo-grotesque.

 

[canadianpj]

Update to iOS 16 obliterating battery life and performance because of security, they said. It will be fine, they said.

My battery life has been fine since updating? It is fine, this is nothing.

 

[Dangerzone]

Comic Sans as the system font? Multiple Apple designers are surely having a fit right now 🤣

Let’s see how they react using this font.

 

[AndiG]

Not really. Apple has to supply APIs allowing apps to make system-wide changes like these. Having third-party App Store won't change how third-party apps can manipulate things on the system level.

The APIs area available - Apple calls em „private API“ since the beginning and no App is allowed to use em beside Apples own Apps. Apple forbids the use of private API and controls this in the App review process.

But 3rd party AppStores and Sideloading disables Apples control.

And of course this might be dangerous. But in the end it could finally allow me to pair my Apple watch with my bicycle computer - and so many other things, like Wifi scanning (there are valid usecases why an App should be allowed to do this).

 

[DeepWebinar]

it’s so funny when people are like “i NEED to be able to change the font on my phone” and the font they’re talking about is that illegible comic book font