A developer named Zhuowei Zhang has shared a proof-of-concept app via Twitter that allows the default iOS fonts to be changed on iOS 16.1.2 and below. The app uses an iOS 16 exploit and doesn’t require a complete jailbreak.
Modern jailbreaking is night and day compared to the glory days. With that said, the scene is still active and many extremely competent individuals are still working on breaking iOS security and developing jailbreak tools and exploits.
This latest app from developer Zhuowei Zhang uses the CVE-2022-46689 exploit to overwrite Apple’s default font choice within the iOS ecosystem.
Because of the exploit used, the app is compatible with iOS 16.1.2 and below. Apple has already patched the vulnerability with the release of iOS 16.2, which is why the proof-of-concept app will not function on devices running iOS 16.2. By taking advantage of CVE-2022-46689, which, incidentally, was discovered by Ian Beer of Google Project Zero, Zhang is able to inject his own code with kernel privileges on the iPhone 8 and newer hardware.
Rather than have an extensive app, Zhang has simply included a few additional fonts that can be used within the iOS ecosystem when this app is running. The developer has included DejaVu Sans Condensed, Serif, Mono, and, perhaps rather bizarrely, the Choco Cooky font that used to ship on certain Samsung smartphones. So, if you have an overwhelming desire to have the old Samsung font on your iPhone, you now can!
This is the final release for my app that overwrites the iOS system font on unjailbroken iOS 16.1.2. https://t.co/W810eiDKwN
Import custom fonts (fonts must be ported for iOS)
Override emoji and Simplified Chinese
I hope this inspires devs to experiment with CVE-2022-46689. pic.twitter.com/OVUthcxX3z
— Zhuowei Zhang (@zhuowei) December 28, 2022
For those who may be worried about the safety of the POC, or about getting stuck with a random font, worry not! Zhang has also confirmed that all changes are simply removed and overwritten with each reboot of the device. It’s also worth noting that the app only changes fonts in certain parts of the iOS ecosystem, as some parts utilize different fonts.
I added more fonts to my app that overwrites the iOS system font using CVE-2022-46689 on unjailbroken iOS 16.1.2 and below. https://t.co/U6IIPLKBHz
Go Regular, Go Mono, Segoe UI, and Comic Sans MS. pic.twitter.com/agHpYkmRqC
— Zhuowei Zhang (@zhuowei) December 27, 2022
The source code and additional information for the WDBFontOverwrite proof-of-concept are hosted on GitHub.