There’s some good news and bad news on the iPhone security front. The good news is that folks looking to jailbreak an iPhone running the latest version of iOS can do that now.

The bad news is it’s because Apple seems to have accidentally re-introduced a security vulnerability that had been patched in an earlier version of iOS.

Update: Unsurprisingly, Apple quickly released an update that patches the vulnerability.

In a nutshell, when iOS 12.3 was released in May, it included a patch for a set of kernel vulnerabilities discovered by security researchers at Google’s Project Zero team.

When iOS 12.4 was released in July, it didn’t include that patch, which means hackers can still exploit that known vulnerability. The re-emergence of the vulnerability was discovered over the weekend and quickly leveraged to make a tool that you can use to jailbreak an iOS device running the latest version of the operating system.

The unc0ver jailbreak had previously been available for iOS 11 – 12.2. But now lead developer Pwn20wnd says the latest updates (versions 3.5.1 and later) add support for iOS 12.4.

If you have no interest in jailbreaking, that means if you use an iPhone or iPad, you should probably be careful about your browsing activity and other behavior until Apple can issue another security update — because there’s now a known vulnerability that malicious hackers could theoretically exploit to send malware to your devices over the internet.

On the other hand, if you are interested in jailbreaking your device to get more control over the operating system and install apps that wouldn’t otherwise be supported, then today may be your lucky day.

The jailbreak scene isn’t as active as it once was, partially because many folks who hunt for the sort of security vulnerabilities that make jailbreaking possible are now selling those vulnerabilities to the highest bidder rather than releasing them to the public.

In this case, since we’re talking about a vulnerability that was already public, it didn’t take long for Pwn20wnd to exploit it for jailbreaking purposes.

via Motherboard and Redmond Pie

 

Support Liliputing

Liliputing's primary sources of revenue are advertising and affiliate links (if you click the "Shop" button at the top of the page and buy something on Amazon, for example, we'll get a small commission).

But there are several ways you can support the site directly even if you're using an ad blocker* and hate online shopping.

Contribute to our Patreon campaign

or...

Contribute via PayPal

* If you are using an ad blocker like uBlock Origin and seeing a pop-up message at the bottom of the screen, we have a guide that may help you disable it.

Subscribe to Liliputing via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 9,545 other subscribers

2 replies on “Apple snafu means iOS 12.4 can be jailbroken (or hacked)”

  1. The chances of getting hacked with this exploit is so small, that you can’t really call it a vulnerability.
    Meanwhile, this is good news for iOS users, getting options to use the phone to higher potential by using administrator privileges once it has been jailbroken.

    A similar thing is happening in the Android ecosystem, with far fewer devices getting the option for root access. I think outside of Pixel and OnePlus, its severely limited. Samsung devices have the struggle with Knox, and some Xiaomi devices don’t get unlocked. Meanwhile, every other OEM is hardware locking the bootloader, with no option to unlock it as a developer.

    1. I believe Asus actually releases an official method for unlocking the bootloader and gaining root. It seems they did so for the zenfone 6.

Comments are closed.