Last week, a researcher discovered a jailbreaking vulnerability in iOS 12.4 that Apple accidentally unpatched. The vulnerability allowed jailbreaking many of the latest iPhones. Hence, it created a security risk for most users. However, Apple has quickly patched the flaw again with the release of iOS 12.4.1.
Apple Patched Jailbreaking Flaw With iOS 12.4.1
Apple has patched a serious jailbreaking flaw in iOS 12.4. As revealed last week, the researcher noticed that Apple mistakenly unpatched a flaw in iOS 12.4 that it had previously patched in iOS 12.3.
Specifically, it was a vulnerability (CVE-2019-8605) that allowed jailbreaking iPhones. It first appeared in iOS 12.2, which Apple later fixed with iOS 12.3. However, while releasing iOS 12.4, they inadvertently reverted the fix, causing the flaw to appear again. As iOS 12.4 was the latest release until then, it exposed a huge number of users to potential exploit. According to Pwn20wnd, an adversary could easily create spyware by exploiting the vulnerability.
Fortunately, as expected, Apple has patched this vulnerability with the release of iOS 12.4.1. As described in Apple’s advisory,
A use after free issue was addressed with improved memory management. A malicious application may be able to execute arbitrary code with system privileges.
This patch is available for iPhone 5s and later, iPod touch 6th generation, and iPad Air and later.
Patch Introduced In Other OS As Well
Apart from iOS 12.4, the same jailbreaking vulnerability also threatened the security of Mac and Apple TV devices. An attacker could exploit the flaw to run arbitrary codes on the target devices.
Therefore, Apple has also introduced this fix in other platforms as well. Precisely, they have rolled-out tvOS 12.4.1 available for Apple TV 4K and Apple TV HD, and a Supplemental Update for macOS Mojave 10.14.6.
For now, the problem seems resolved. Hence, the users of respective Apple devices must ensure updating their devices with the latest patched versions to stay protected.
Let us know your thoughts in the comments.