There’s some good news and bad news on the iPhone security front. The good news is that folks looking to jailbreak an iPhone running the latest version of iOS can do that now.
The bad news is it’s because Apple seems to have accidentally re-introduced a security vulnerability that had been patched in an earlier version of iOS.
Update: Unsurprisingly, Apple quickly released an update that patches the vulnerability.
In a nutshell, when iOS 12.3 was released in May, it included a patch for a set of kernel vulnerabilities discovered by security researchers at Google’s Project Zero team.
When iOS 12.4 was released in July, it didn’t include that patch, which means hackers can still exploit that known vulnerability. The re-emergence of the vulnerability was discovered over the weekend and quickly leveraged to make a tool that you can use to jailbreak an iOS device running the latest version of the operating system.
If you have no interest in jailbreaking, that means if you use an iPhone or iPad, you should probably be careful about your browsing activity and other behavior until Apple can issue another security update — because there’s now a known vulnerability that malicious hackers could theoretically exploit to send malware to your devices over the internet.
On the other hand, if you are interested in jailbreaking your device to get more control over the operating system and install apps that wouldn’t otherwise be supported, then today may be your lucky day.
The jailbreak scene isn’t as active as it once was, partially because many folks who hunt for the sort of security vulnerabilities that make jailbreaking possible are now selling those vulnerabilities to the highest bidder rather than releasing them to the public.
In this case, since we’re talking about a vulnerability that was already public, it didn’t take long for Pwn20wnd to exploit it for jailbreaking purposes.