The user is unable to make any changes to the font that is used by iOS at this time. Although Apple does not provide this feature, a third-party developer has found a way to circumvent the need for jailbreaking by taking advantage of a security flaw. Only versions of iOS older than 16.1.2 are supported.
Zhuowei Zhang has posted a link to his idea, which he refers to as a “proof-of-concept app,” on Twitter. According to Zhang, the application that he built exploits the CVE-2022-46689 attack to replace the default iOS font. This allows users to alter the look of the system by selecting a font other than the default font. Zhang designed the application (which is San Francisco).
The CVE-2022-46689 attack is present on devices that are running iOS 16.1.2 or previous versions of the operating system, and it essentially grants applications the ability to execute arbitrary code with kernel privileges. This exploit affects only Apple products. The vulnerability was resolved in iOS 16.2, which also patched a number of other vulnerabilities discovered in earlier versions of iOS. The exploit was one of these vulnerabilities.
This vulnerability is known as CVE-2022-46689 (CVSS score: 8.4). The vulnerability may be used to run arbitrary code with kernel privileges, and it can, of course, also be used to change fonts. Both of these capabilities are possible thanks to the vulnerability.
As a result of a race situation present in the iOS kernel, the CVE-2022-46689 vulnerability makes it possible for a local authenticated attacker to acquire elevated access on the machine. An authorized attacker might take advantage of this vulnerability to execute arbitrary code with kernel privileges if the attacker sent a request that had been carefully constructed.
On Twitter, the proof-of-concept was sent by the developer @Zhuowei Zhang. Even though it may be claimed that the change to the font is worldwide, some fonts simply cannot be substituted. The typefaces need to be adapted for use on iOS before they can be imported into the system.
CVE-2022-46689
In addition, changing the typeface on an iPhone has no impact since, as long as the system is rebooted, everything will revert back to how it was before. At this time, the alteration to the typeface does not seem to be continuing.
Even if Zhang’s app does not need to be jailbroken in order to be installed on an iPhone or iPad, doing so may not be the easiest thing in the world. This is due to the fact that in order to install it on your device, you will either need to manually sign the IPA file with a developer certificate or construct the Xcode project yourself before installing it.
In spite of this, it is fascinating to see what the developer has accomplished without the need of jailbreaking the device. On GitHub, you may find further information on the project, including its source code, as well.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.
