Apple is constantly working to thwart the efforts of jailbreakers by keeping its mobile operating system under its own control. However, it seems the company inadvertently enabled an iOS 12.4 jailbreak by un-patching a vulnerability which was previously patched.
The iOS 12.4 jailbreak is the first jailbreak for a fully up-to-date iOS device in years. Jailbreakers are typically running at least one version behind Apple, if not two or more versions behind. This is why those who want to jailbreak their devices are always advised not to update to the newest version of iOS—because it takes developers time to hack each version of iOS.
Pwn20wnd posted the jailbreak on GitHub this week, and several Twitter users have confirmed that they’ve been using it. However, it’s only a matter of time before Apple re-patches the vulnerability it un-patched to make the iOS 12.4 jailbreak possible, so look for iOS 12.4.1 any day now. What makes the situation even worse is that Apple advised iOS users to update to iOS 12.4 quickly to patch other serious vulnerabilities.
According to Motherboard, security researchers learned over the weekend that iOS 12 brought back a vulnerability identified by a Google hacker that was patched in iOS 12.3. Unfortunately, that has implications not only for jailbreak developers, but also for iOS users in general because it makes things easier for all hackers, including both jailbreakers and those with more nefarious intents.
Security researchers told Motherboard that a bug in Safari can now be exploited to “hack any up to date iPhone.” Although it still isn’t easy to hack an iPhone, the bug makes it much easier than usual to do so. Pwn20wnd told the tech site that it’s possible for someone to “make a perfect spyware” taking advantage of the hole.
Someone would just have to create a malicious app which exploits the vulnerability so it can get outside the standard iOS sandbox—meaning the app could reach the data of other apps on the device or the system itself and steal user data. Hackers could even include the vulnerability in a malicious webpage and then combine it with a browser exploit, Pwn20wnd added. He also said it’s “very likely that someone is already exploiting this bug for bad purposes.”
For this reason, iOS users are advised to be especially careful about what apps they download from the App Store right now.
I hope people are aware that with a public jailbreak being available for the latest iOS 12.4 people must be very careful what Apps they download from the Apple AppStore. Any such app could have a copy of the jailbreak in it.
— Stefan Esser (@i0n1c) August 19, 2019
