YAPSF (Yet Another Apple Security Flaw): Info.plist Path Traversal

Abraham Masri (iabem97) has revealed a new flaw in Apple’s latest iOS 11.3 beta that allows an Info.plist file to grab a file outside of the current application’s sandbox. Granted, this is a beta OS, but it is still another example of Apple seemingly rushing a release and shipping all sorts of flaws. This is just the latest one.

Redmond Pie: Abraham Masri Drops iOS 11.3 0day Vulnerability, Here’s What That Means For Future Jailbreak
GitHub: iabem97/securityd-racer2
And here is the Wiki write-up that explains how an app’s Info.plist file can access another app’s icon:
GitHub: iabem97/writeups: Info.plist Path Traversal

Here’s a quick excerpt from that Wiki article that shows the sandbox escape:

Proper plist Entry
Screenshot showing a proper entry to the Info.plist file.

Improper plist Entry
Screenshot showing an improper entry to the Info.plist file.
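
A defensive check for the class of bug described above, as an added example that is not from this post or from Masri's write-up: it walks every string value in an Info.plist and flags any that would resolve outside the app bundle. The sample plist, its use of the `CFBundleIconFiles` key and its paths are constructed for illustration; the page does not state which key the write-up uses.

```python
import plistlib

# Constructed Info.plist for illustration only (key choice and paths are assumptions).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.example.demo</string>
  <key>CFBundleIconFiles</key>
  <array>
    <string>AppIcon60x60</string>
    <string>../Other.app/AppIcon60x60</string>
  </array>
</dict>
</plist>
"""

def escapes_bundle(value: str) -> bool:
    """Return True if a path-like string would resolve outside the bundle root."""
    if value.startswith(("/", "~")):
        return True  # absolute or home-relative: not confined to the bundle
    depth = 0
    for part in value.replace("\\", "/").split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:  # climbed above the starting directory
                return True
        else:
            depth += 1
    return False

def find_escaping_values(node, path="$"):
    """Recursively collect (location, value) pairs for strings that leave the bundle."""
    findings = []
    if isinstance(node, dict):
        for key, val in node.items():
            findings += find_escaping_values(val, f"{path}.{key}")
    elif isinstance(node, list):
        for i, val in enumerate(node):
            findings += find_escaping_values(val, f"{path}[{i}]")
    elif isinstance(node, str) and escapes_bundle(node):
        findings.append((path, node))
    return findings

def audit_info_plist(data: bytes):
    """Parse an XML or binary plist and return all values that escape the bundle."""
    return find_escaping_values(plistlib.loads(data))

if __name__ == "__main__":
    for location, value in audit_info_plist(SAMPLE_PLIST):
        print(f"{location}: {value!r} resolves outside the bundle")
```

Because it inspects every string rather than one key, the check can flag legitimate absolute paths in other entries; treat hits as items to review rather than confirmed abuse.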
