Security researcher Siguza published a really interesting paper about a strange bug in iOS XML parsers, still unpatched, that allows a sandbox escape.

In his article [1], Siguza explains how an app can gain full access to the entire file system, and more, using malformed XML comments constructed so that one of iOS's XML parsers reads them one way and another parser reads the same file differently.

In fact, iOS's sandboxing system uses XML for configuration files (Plists) and depends on three different parsers, which interpret invalid XML input in slightly different ways.

The XML parser used to check whether an application should be allowed to launch doesn't see the fishy entitlements because it thinks they're inside a comment. Then, the parser used to determine whether an already running application has permission to do things that require entitlements sees the fishy entitlements and grants permission.
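A defensive counterpart to the mismatch described above, as an added example that is not code from Siguza's paper or from Apple: it parses an entitlements plist with one conforming XML parser, fails closed on anything that parser rejects, and flags any `<key>` that is present in the raw text but missing from the parsed result. The function names, the sample documents and the `com.example.hypothetical` key are constructed for illustration, and the fail-closed policy is an assumption, not a description of Apple's fix.

```python
import plistlib
import re
from xml.parsers.expat import ExpatError

KEY_RE = re.compile(r"<key>([^<]*)</key>")

def parsed_keys(node):
    """Collect dict keys at every nesting level of a parsed plist."""
    if isinstance(node, dict):
        return set(node).union(*map(parsed_keys, node.values()))
    if isinstance(node, list):
        return set().union(*map(parsed_keys, node))
    return set()

def audit_entitlements(xml_text):
    """Return findings; an empty list means no parser-differential risk was seen."""
    try:
        plist = plistlib.loads(xml_text.encode(), fmt=plistlib.FMT_XML)
    except (ExpatError, ValueError) as exc:
        # Fail closed: input that a conforming parser rejects is exactly the
        # input that lenient parsers are left to interpret in their own ways.
        return [f"not well-formed XML: {exc}"]
    # A key visible in the raw text but absent from the strict parse sits in a
    # region (such as a comment) that a differently behaving parser might read.
    hidden = set(KEY_RE.findall(xml_text)) - parsed_keys(plist)
    return [f"key outside strict parse: {k}" for k in sorted(hidden)]

# Constructed sample documents (not taken from the paper).
HEAD = '<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0"><dict>\n'
BASE = "<key>application-identifier</key><string>TEAMID.com.example.app</string>\n"
TAIL = "</dict></plist>\n"
HIDDEN = "<key>com.example.hypothetical</key><true/>"  # hypothetical key

CLEAN = HEAD + BASE + "<!-- build 42 -->\n" + TAIL
COMMENTED_KEY = HEAD + BASE + "<!-- " + HIDDEN + " -->\n" + TAIL
BAD_COMMENT = HEAD + BASE + "<!-- a -- " + HIDDEN + " -->\n" + TAIL  # "--" is illegal inside a comment

if __name__ == "__main__":
    for name, doc in [("clean", CLEAN), ("commented key", COMMENTED_KEY),
                      ("bad comment", BAD_COMMENT)]:
        print(name, "->", audit_entitlements(doc))
```

The check is deliberately conservative: a legitimately commented-out key is flagged too, which is acceptable for a file that decides what an app is allowed to do.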

The exploit can be explained in a single tweet:

More technical details are available in the Hacker News thread [2].

The flaw is fixed in the new iOS 13.5 beta release, so the fix is still not available on the stable branch.


  1. psychicpaper | iOS < 13.5 sandbox escape/entitlement 0day
  2. Psychic Paper: iOS Sandbox Escape | Hacker News