GlyphPatch

GlyphPatch is a MobileSubstrate tweak which aims to patch a vulnerability in the iOS / OS X character rendering engine that can be exploited, through a malicious sequence of characters, to achieve a DoS attack.

The main goal of this kind of attack is to make a resource unavailable to the user: in this particular case, using this exploit, an attacker could make one of your apps unusable.

It has not been determined yet whether there is a way to trigger arbitrary code execution by exploiting this vulnerability (that depends on several factors, such as the kind of memory violation and how much control the input gives over the crash): what is actually happening right now is that people use this particular sequence of characters to make your applications crash.

That might become a difficult issue to solve in some cases:

  • when an application which handles documents (of any kind) ‘remembers’ its state and keeps the same document open across different launches

  • when an application ‘remembers’ its state across launches and keeps opening the same thread/conversation containing the malicious string (e.g. MobileSMS, handling SMS/iMessage)

  • when there is no way for the user to prevent an application from trying to render that string (e.g. that string is used as the SSID of a network)

(I know that there are some workarounds for iMessage, for example, but many people find themselves unable to open the app and don’t know about the workarounds at all.)

By installing this tweak you can protect yourself from this particular attack on iOS. Since the vulnerability has been fixed in iOS 7, I don’t know if Apple will issue a 6.x update just to fix it before the next major release. So, if you don’t want to lose your jailbreak and still want to be immune to that attack, just install it from Cydia.

If you’re interested in how it works, you can check the source code on GitHub (there is also a technical explanation in the README).

PS: I’m also working on a fix for OS X, but that may be harder for people to use, as it involves injecting a dynamic library into every process that makes use of CoreText.

PS2: Unfortunately there are still some very isolated cases which trigger the crash: from what I’ve determined so far, those edge cases can be encountered only while viewing particular web pages, such as the desktop mode of a tumblr blog containing that character sequence.

So, it’s time to let you all know how my cancer fund is going. LivelyIcons was released almost 2 months ago, and I must thank all the people who purchased it from the Cydia Store!

First of all, I must thank Saurik, who decided to help me with this cause, by changing his normal fees on LivelyIcons:

I have set the LivelyIcons fee calculation at 14/86 (instead of 30/70) based upon doing some math for "at cost" and sent you a payout for this product.

The payout he’s referring to amounts to $5,344.70. Today, I’m proud to announce that I’ve donated the first $2,500.00 to Because of Ezra, the charity founded by Kyle and Robyn Matthews.

In the coming days, I’ll be donating 2.200€ ($2,885.31) to La Città della Speranza, an Italian association focused on cancer research. As usual, I’ll keep you updated.

Please, spread the word as much as you can and let your friends know about LivelyIcons and how they can help cancer research. Thanks for your support!