Apple released its iOS 12.4 in the previous month while fixing a Walkie-Talkie bug breaching user’s privacy. However, little did they realize that they have inadvertently reversed a fix for a previous vulnerability. Nonetheless, the hackers didn’t miss to pick this mistake up and exploit it to jailbreak iPhones. Reportedly, a researcher has pointed out an iOS 12.4 jailbreak while demonstrating the flaw.
Vulnerability Triggering iOS 12.4 Jailbreak
Apple has accidentally unpatched an already known vulnerability in iOS 12.4. The vulnerability previously existed in iOS 12.2, Apple fixed it with iOS 12.3. However, it turns out that Apple reversed the fix (certainly by mistake) while releasing iOS 12.4. Consequently, allowing for the Jailbreak.
In a recent report, Motherboard disclosed that Apple reintroduced the bug in the latest iOS version. The vulnerability CVE-2019-8605 first affected iOS 12.2 allowing potential attackers to execute arbitrary codes on the target device. Ned Williamson working with Google Project Zero first discovered this flaw termed as ‘SockPuppet’.
The vulnerability now reappears in iOS 12.4, where it allows jailbreaking the latest iOS version for the first time. Thus, it becomes a security problem if a criminal hacker exploits it. Researcher Pwn20wnd has already released the jailbreak publicly. Speaking to Motherboard, he explained that “somebody could make perfect spyware” by exploiting the flaw.
Refrain From Installing Apps Until Next iOS Update
Many users have successfully jailbroken their devices using Pwn20wnd’s app. While that may sound interesting, they have unknowingly made their devices vulnerable to hacks as well. Security researcher Stefan Esser has already warned users in this regard.
I hope people are aware that with a public jailbreak being available for the latest iOS 12.4 people must be very careful what Apps they download from the Apple AppStore. Any such app could have a copy of the jailbreak in it.
— Stefan Esser (@i0n1c) August 19, 2019
According to his guesstimate, it is entirely possible that the malicious actors may enter the App to the store in a few days to hack iPhone users.
It is only public knowledge since yesterday that the old exploit (that has source code available) works again. Criminals need at least a few days to incorporate this into Apps and submit to the iOS AppStore where they will then show up 2 days later
— Stefan Esser (@i0n1c) August 19, 2019
This means only users with their devices running on iOS 12.3 are safe for now. Otherwise, even with the latest iOS 12.4 users are also vulnerable to cyber-attacks. Therefore, the only viable option for the users to stay safe is to wait for the release of iOS 12.4.1 and refrain from jailbreaking their devices or downloading any apps until then.
Let us know your thoughts in the comments.