Apple’s latest iOS 12.4 update has unpatched a previously fixed vulnerability, leaving iPhones open to jailbreaking, according to reports. Security researcher Pwn20wnd has posted a public jailbreak for iOS 12.4 on GitHub, according to Motherboard, which first reported the issue. Users have already managed to jailbreak their iPhones with it.
iOS 12.4 makes jailbreaking possible once again and also leaves iPhones vulnerable to hacking, according to reports. It seems that the issue was patched in the iOS 12.3 update, but the iOS 12.4 update undoes all of that work. Apple has not yet commented on the issue.
“Due to 12.4 being the latest version of iOS currently available and the only one which Apple allows upgrading to, for the next couple of days (till 12.4.1 comes out), all devices of this version (or any 11.x and 12.x below 12.3) are jailbreakable—which means they are also vulnerable to what is effectively a 100+ day exploit,” Jonathan Levin, a security researcher, told Motherboard.
Pwn20wnd, the researcher who developed the jailbreak, told Motherboard that someone could make the “perfect spyware” by taking advantage of Apple’s mistake. According to the researcher, one way this could be exploited is by allowing an app to escape the iOS sandbox, which prevents apps from seeing other apps’ data. A malicious app could thus steal user data.
People are asking me how real the threat is that someone will incorporate the iOS 12.4 jailbreak into a malicious AppStore app. Well let me just say that as far as I remember there was never before source code for a jailbreak publicly available before it was patched.
— Stefan Esser (@i0n1c) August 19, 2019
The report also quotes Stefan Esser, a researcher who teaches iOS hacking, as saying that users need to be careful before installing an app from the App Store.
“People are asking me how real the threat is that someone will incorporate the iOS 12.4 jailbreak into a malicious AppStore app. Well let me just say that as far as I remember there was never before source code for a jailbreak publicly available before it was patched,” he tweeted.