Apple’s Borked iOS Update Leads to New Jailbreak and Vulnerable iPhones
If you updated to iOS 12.4, you might want to think twice about the apps you download. Apple has unpatched a vulnerability with the latest update, and hackers have already used the opportunity to release the jailbreak for up-to-date iPhones in years, according to a Motherboard report.
Apple, unfortunately, reintroduced a bug that was fixed in the iOS 12.3 update. As a result, all iPhones running iOS 12.4 can now be jailbroken. Pwn20wnd—the security researcher behind the unc0ver tool—released a public jailbreak for iOS 12.4 earlier today on Github. While jailbreaking was still doable beforehand, it’s been a while since you could do it on iPhones running the latest version of iOS. A Twitter search reveals that plenty of users have already confirmed they’re successfully running Pwn20wnd’s jailbreak.
The flip side is the same bug enabling the jailbreak also means all updated iPhones are a bit more vulnerable to hacking. More specifically, security researchers told Motherboard that bad actors could take advantage of the unpatched bug to create spyware on Phones. It’s likely that Apple is already working on a fix that will be released with iOS 12.4.1—especially since it was a bug that had already been previously patched. Gizmodo reached out to Apple but did not immediately receive a response.
In the meantime, users running iOS 12.4 who have zero interest in jailbreaking their iPhones should take extra care downloading apps. Apple may have stricter guidelines regarding what apps are allowed in its App Store, but as security researcher Stefan Esser noted on Twitter, the public jailbreak means “any such app could have a copy of the jailbreak in it.”