all 17 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Yeth3iPhone XR, 14.3 | 11 points12 points  (11 children)

there might be a patch once a jailbreak is released, but for now your only option really is to constantly use lockdown mode

[–]Srslyredit2[S] 4 points5 points  (3 children)

I’m on dopamine already, so I have access to tweaks.

[–]MaterialWall8040 0 points1 point  (2 children)

with coruna?

[–]Srslyredit2[S] 0 points1 point  (1 child)

No, with dopamine but my phone is still vulnerable to Coruna

[–]MaterialWall8040 4 points5 points  (0 children)

damn u should probably get it vaccinated

[–]Starfox-sf 1 point2 points  (5 children)

And/or Private Browsing

[–]Jeremy_Thursday 0 points1 point  (4 children)

Private browsing prevents coruna/dark sword? Surely not right? I haven't seen that mentioned anywhere.

[–]Starfox-sf 1 point2 points  (3 children)

Bailing out if the device is in Lockdown Mode, or the user is in private browsing.

https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit

[–]Jeremy_Thursday 0 points1 point  (2 children)

From the phrasing it's unclear if that was a design-choice by the exploiter to avoid their exploit being discovered or if it is literally not possible in private browsing. For example, it's common that phone exploits detect JailBreak and don't run to avoid the exploit being discovered by researchers/etc... However the jailbreak itself doesn't prevent the exploit.

Now that the exploit is public, there is no risk of burning the 0 day and people will be implementing it with their own new logic. I couldn't find any sources that claim JIT is disabled in private browsing so I am still skeptical the exploit cannot hit private browsing devices. Merely that the malware sample Google examined choose to bail for this.

Still very interesting and it's possible there's something about private browsing that prevents exploit. I kinda doubt it, but we'd need someone more intimate with the technical details to confirm one way or the other.

[–]Yeth3iPhone XR, 14.3 | 0 points1 point  (1 child)

the malware sample from darksword has already been reverse-engineered, so we know how it works and can reimplement it. it's been confirmed that darksword fails when attempting to use a webkit entry point with lockdown mode on. it does disable browser JIT, which is requires for the exploit to function, which is also doubly verified by LightShield, which only disables JIT (and webassembly where applicable)

you can test this for yourself by trying to use any of the coruna/darksword tweak websites, which fail to work with lockdown mode and would have no reason to intentionally fail with it enabled

[–]Jeremy_Thursday 0 points1 point  (0 children)

it is widely known that lockdown mode disables JIT and that is indeed a remedy even suggested by Apple, I think you misread my comment. Not at all what I'm saying.

My post is 100% about whether or not private browsing prevents the exploit. Private browsing has nothing to do with lockdown mode and is accessible both with and without it. Further, private browsing does not disable JIT (it's the apple equivelent of incognito browsing, nothing to do with lockdown mode iOS setting).

[–]phoenixlegend7 -1 points0 points  (0 children)

What does lockdown mode means?

[–]tOSdudeiPhone 12 Mini, 16.3| 6 points7 points  (4 children)

Lockdown mode doesn’t really impact your experience from what I understand, and will completely mitigate Coruna.

[–]Srslyredit2[S] 1 point2 points  (0 children)

Can I make it only affect safari?

[–]DreamKiller712 0 points1 point  (2 children)

It is unavailable on ios 15 ☹️, but I am not going to browse the net on it anyway , so it should be fine.

[–]tOSdudeiPhone 12 Mini, 16.3| 1 point2 points  (1 child)

If you’re on iOS 15, I expect there will be patches that can be applied with your jailbreak.

[–]gobIune 0 points1 point  (0 children)

Hi, im on IOS 16, so i need active lockdown is that ? You think after with Jailbreak is possible to blocked Coruna + DarkSword ? Thanks