v3ritas.TECH

YAPSF (Yet Another Apple Security Flaw): Info.plist Path Traversal

· Sean P. McAdam

Abraham Masri (iabem97) has revealed a new flaw in Apple's latest iOS 11.3 beta that allows an Info.plist file to grab a file outside of the current application's sandbox. Granted, this is a beta OS, but still, this is another example of Apple seemingly rushing a release & having all sorts of flaws. This is just the latest one.

Redmond Pie: Abraham Masri Drops iOS 11.3 0day Vulnerability, Here's What That Means For Future Jailbreak

GitHub: iabem97/securityd-racer2

And here is the Wiki write-up that explains how an app's Info.plist file can access another app's icon:

GitHub: iabem97/writeups: Info.plist Path Traversal

Here's a quick excerpt from that Wiki article that shows the sandbox escape:

[Figure: Proper plist Entry. Screenshot showing a proper entry to the Info.plist file.]

[Figure: Improper plist Entry. Screenshot showing a proper entry to the Info.plist file.]
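A defender-side check for the class of bug described above, as an added example that is not from this post or from Masri's write-up: it parses an Info.plist and flags icon entries whose path would resolve outside the app bundle. Inspecting the standard keys `CFBundleIconFile`, `CFBundleIconFiles` and `CFBundleIcons` is an assumption, since the post does not name the key involved, and the sample plists are constructed.

```python
import plistlib
import posixpath

# Standard Info.plist keys that name icon files. Treating these as the entries
# to inspect is an assumption of this example; the post only says "icon".
ICON_KEYS = ("CFBundleIconFile", "CFBundleIconFiles", "CFBundleIcons")


def iter_strings(value, path):
    """Yield (key_path, string) for every string nested under value."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for key, child in value.items():
            yield from iter_strings(child, f"{path}.{key}")
    elif isinstance(value, (list, tuple)):
        for index, child in enumerate(value):
            yield from iter_strings(child, f"{path}[{index}]")


def escapes_bundle(name):
    """True if a resource name is absolute or climbs above the bundle root.

    Purely lexical: symlinks inside the bundle are not resolved here.
    """
    if name.startswith("/"):
        return True
    norm = posixpath.normpath(name)
    return norm == ".." or norm.startswith("../")


def find_traversal(plist_bytes):
    """Return [(key_path, value)] for icon entries that leave the bundle."""
    info = plistlib.loads(plist_bytes)
    findings = []
    for key in ICON_KEYS:
        if key in info:
            for key_path, value in iter_strings(info[key], key):
                if escapes_bundle(value):
                    findings.append((key_path, value))
    return findings


# Constructed sample plists, not taken from the write-up.
GOOD = plistlib.dumps({"CFBundleIconFiles": ["AppIcon60x60", "sub/Icon.png"]})
BAD = plistlib.dumps({
    "CFBundleIconFiles": ["AppIcon60x60", "../OtherApp.app/AppIcon60x60"],
    "CFBundleIcons": {"CFBundlePrimaryIcon": {"CFBundleIconFiles": ["a/../../x"]}},
})
```

Run over the Info.plist of each submitted or installed bundle, any non-empty result is an entry worth rejecting or reviewing before the bundle is trusted.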