Apple iOS 12.4 leaves iPhones open to jailbreaking as it unpatches previous vulnerabilityhttps://indianexpress.com/article/technology/mobile-tabs/apple-ios-12-4-makes-iphones-open-to-jailbreaking-as-it-unpatched-a-previous-vulnerability-5923973/

Apple iOS 12.4 leaves iPhones open to jailbreaking as it unpatches previous vulnerability

Apple's latest iOS 12.4 update has unpatched a previous vulnerability leaving iPhones open for jailbreak and potentially vulnerable to hacking

Apple, Apple iOS 12 jailbreak, iOS 12.4 jailbreak, iOS 12.4 jailbreak
Apple iOS 12.4 update unpatches security vulnerability, now a public jailbreak for iOS 12 is available making iPhones vulnerable to hacking. (Image source: Bloomberg)

Apple’s latest iOS 12.4 update has unpatched a previous vulnerability leaving iPhones open for jailbreak, according to reports. A public jailbreak for iOS 12.4 has also been posted on Github by security researcher Pwn20wnd, according to MotherBoard, which first reported the issue. Users have managed to jailbreak their iPhones as well with this.

Jailbreaking an iPhone used to be a trend in the earlier days of iPhone and iOS, and it would allow iPhone users to add apps and other features that Apple would not permit. Apple’s iOS has its own limitations in terms of user interface and apps can only be installed from the official App Store. The restrictions are in place to protect users from installing malicious apps.

However, iOS 12.4 makes jailbreaking possible once again and also leaves iPhones vulnerable to hacking, according to reports. It seems that the issue was patched in iOS 12.3 update, but the iOS 12.4 update undoes all of that work. Apple has not yet commented on the issue.

“Due to 12.4 being the latest version of iOS currently available and the only one which Apple allows upgrading to, for the next couple of days (till 12.4.1 comes out), all devices of this version (or any 11.x and 12.x below 12.3) are jail breakable—which means they are also vulnerable to what is effectively a 100+ day exploit,” Jonathan Levin, a security researcher told Motherboard. 

Advertising

Pwn20wnd, the researcher who developed the jailbreak told Motherboard that someone could make the “perfect spyware” taking advantage of Apple’s mistake. According to the researcher, one way this could be exploited is by allowing an app to escape the iOS sandbox, which prevents apps from seeing data of others apps. A malicious app could thus steal user data.

The report also quotes Stefan Esser, a researcher who teaches iOS hacking as saying that users need to be careful before installing an app from the App Store.

“People are asking me how real the threat is that someone will incorporate the iOS 12.4 jailbreak into a malicious AppStore app. Well let me just say that as far as I remember there was never before source code for a jailbreak publicly available before it was patched,” he tweeted.