Apple Inadvertently Reversed A Patch That Lead To iOS 12.4 Being Jailbroken

Apple released its iOS 12.4 in the previous month while fixing a Walkie-Talkie bug breaching user’s privacy. However, little did they realize that they have inadvertently reversed a fix for a previous vulnerability. Nonetheless, the hackers didn’t miss to pick this mistake up and exploit it to jailbreak iPhones. Reportedly, a researcher has pointed out an iOS 12.4 jailbreak while demonstrating the flaw.

Vulnerability Triggering iOS 12.4 Jailbreak

Apple has accidentally unpatched an already known vulnerability in iOS 12.4. The vulnerability previously existed in iOS 12.2, Apple fixed it with iOS 12.3. However, it turns out that Apple reversed the fix (certainly by mistake) while releasing iOS 12.4. Consequently, allowing for the Jailbreak.

In a recent report, Motherboard disclosed that Apple reintroduced the bug in the latest iOS version. The vulnerability CVE-2019-8605 first affected iOS 12.2 allowing potential attackers to execute arbitrary codes on the target device. Ned Williamson working with Google Project Zero first discovered this flaw termed as ‘SockPuppet’.

The vulnerability now reappears in iOS 12.4, where it allows jailbreaking the latest iOS version for the first time. Thus, it becomes a security problem if a criminal hacker exploits it. Researcher Pwn20wnd has already released the jailbreak publicly. Speaking to Motherboard, he explained that “somebody could make perfect spyware” by exploiting the flaw.

Refrain From Installing Apps Until Next iOS Update

Many users have successfully jailbroken their devices using Pwn20wnd’s app. While that may sound interesting, they have unknowingly made their devices vulnerable to hacks as well. Security researcher Stefan Esser has already warned users in this regard.

According to his guesstimate, it is entirely possible that the malicious actors may enter the App  to the store in a few days to hack iPhone users.

This means only users with their devices running on iOS 12.3 are safe for now. Otherwise, even with the latest iOS 12.4 users are also vulnerable to cyber-attacks. Therefore, the only viable option for the users to stay safe is to wait for the release of iOS 12.4.1 and refrain from jailbreaking their devices or downloading any apps until then.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients