Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon

Apple accidentally unpatches a fixed bug in iOS 12.4 that enables its jailbreaking

Save for later
  • 4 min read
  • 20 Aug 2019

article-image

The internet was all ablaze when several security researchers reported that Apple has accidentally reintroduced a bug in iOS 12.4 that was patched in iOS 12.3. Many iOS users are already exploiting this vulnerability to jailbreak their devices with iOS 12.4.

https://twitter.com/lorenzofb/status/1163480993707253761

iOS 12.4 jailbreaking


As the name suggests, jailbreaking allows you to bypass the rules and regulations imposed by Apple on iOS, tvOS and watchOS operating systems. After getting the root access, you will be able to install software that is unavailable in the Apple App Store, run unsigned code, read and write to the root filesystem, and more.

Many researchers shared steps and jailbreaking tools to help Apple users perform jailbreaking on their devices. A security researcher, who goes by the name Pwn20wnd on Twitter, released unc0ver v3.5.2, a jailbreaking tool, yesterday. With iOS 12.4 and unc0ver, you will be able to jailbreak A7-A11 devices. However, it does not currently fully support the A12 processor found in the iPhone XS, XS Max, and XR for iOS 12.1.3 and up.

https://twitter.com/Pwn20wnd/status/1163537425211150336

Here’s a video by GeoSn0w showing how you can jailbreak your pre-A12 devices (iPhone 5S up to iPhone X) using unc0ver on iOS 12.4 which is currently the latest signed version from Apple:

https://www.youtube.com/watch?v=qSItdLEr8WI

Security implications of jailbreaking your iOS device


Though there haven’t been any reports of malicious activity yet, this misstep does put millions of iOS users at risk as jailbreaking your devices can make them less secure. Security researchers are warning users to be careful about what apps they download. A hacker with malicious intentions can target jailbroken iPhones to easily install malware.

Pwn20wnd told Motherboard that an attacker could “make perfect spyware” by exploiting this vulnerability. Giving an example, he said, “a malicious app could include an exploit for this bug that allows it to escape the usual iOS sandbox—a mechanism that prevents apps from reaching data of other apps or the system—and steal user data.” He adds, “It is very likely that someone is already exploiting this bug for bad purposes.”

Patrick Wardle, a principal security researcher at the Mac management firm Jamf told the Wired, "This is rather inexcusable, as it puts millions of iOS users at risk. And the irony, as others have already noted, is that since Apple doesn't allow us to downgrade to old versions, we're really kind of sitting ducks."

Unlock access to the largest independent learning library in Tech for FREE!
Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
Renews at €18.99/month. Cancel anytime

Apple and the security research community


Earlier this month, Apple sued a Florida-based virtualization company Corellium for copyright infringement. Corellium offers “perfect replicas” or virtual iOS builds that can be used for security research and other purposes. Many security researchers felt that such tools could have been really helpful to identify mistakenly reintroduced vulnerabilities such as this one.

"This shows that Apple continues to struggle with security—even on iOS which is clearly their priority. And this was uncovered by an independent security researcher, which illustrates the value such researchers add. Apple's more communicative approach with their new bug bounty program is good, but their attempts to shut down researcher tools like Corellium are bad," said Wardle in a Wired report.

This month, Apple did take a few steps towards making its restrictive OS open to security researchers. It shared its plan to offer special iPhones to security researchers next year that will help them find security flaws and vulnerabilities in iOS. These devices will be given to researchers who report bugs through Apple’s bug bounty program for iOS, which was launched in 2016. At this year’s Black Hat conference, the company extended its use to cover macOS, Apple Watch, Apple TV, and more.

Read Motherboard's full story of iOS 12.4 jailbreaking to know more in detail.

Apple announces ‘WebKit Tracking Prevention Policy’ that considers web tracking as a security vulnerability

MacStadium announces ‘Orka’ (Orchestration with Kubernetes on Apple)

Microsoft contractors also listen to Skype and Cortana audio recordings, joining Amazon, Google and Apple in privacy violation scandals