
The internet was all ablaze when several security researchers reported that Apple has accidentally reintroduced a bug in iOS 12.4 that was patched in iOS 12.3. Many iOS users are already exploiting this vulnerability to jailbreak their devices with iOS 12.4.

iOS 12.4 jailbreaking

As the name suggests, jailbreaking allows you to bypass the rules and regulations imposed by Apple on the iOS, tvOS and watchOS operating systems. After gaining root access, you will be able to install software that is unavailable in the Apple App Store, run unsigned code, read and write to the root filesystem, and more.

Many researchers shared steps and jailbreaking tools to help Apple users perform jailbreaking on their devices. A security researcher, who goes by the name Pwn20wnd on Twitter, released unc0ver v3.5.2, a jailbreaking tool, yesterday. With iOS 12.4 and unc0ver, you will be able to jailbreak A7-A11 devices. However, it does not currently fully support the A12 processor found in the iPhone XS, XS Max, and XR for iOS 12.1.3 and up.

Here’s a video by GeoSn0w showing how you can jailbreak your pre-A12 devices (iPhone 5S up to iPhone X) using unc0ver on iOS 12.4 which is currently the latest signed version from Apple:

Security implications of jailbreaking your iOS device

Though there haven’t been any reports of malicious activity yet, this misstep does put millions of iOS users at risk as jailbreaking your devices can make them less secure. Security researchers are warning users to be careful about what apps they download. A hacker with malicious intentions can target jailbroken iPhones to easily install malware.

Pwn20wnd told Motherboard that an attacker could “make perfect spyware” by exploiting this vulnerability. Giving an example, he said, “a malicious app could include an exploit for this bug that allows it to escape the usual iOS sandbox—a mechanism that prevents apps from reaching data of other apps or the system—and steal user data.” He adds, “It is very likely that someone is already exploiting this bug for bad purposes.”

Patrick Wardle, a principal security researcher at the Mac management firm Jamf, told Wired, “This is rather inexcusable, as it puts millions of iOS users at risk. And the irony, as others have already noted, is that since Apple doesn’t allow us to downgrade to old versions, we’re really kind of sitting ducks.”

Apple and the security research community

Earlier this month, Apple sued a Florida-based virtualization company Corellium for copyright infringement. Corellium offers “perfect replicas” or virtual iOS builds that can be used for security research and other purposes. Many security researchers felt that such tools could have been really helpful to identify mistakenly reintroduced vulnerabilities such as this one.

“This shows that Apple continues to struggle with security—even on iOS which is clearly their priority. And this was uncovered by an independent security researcher, which illustrates the value such researchers add. Apple’s more communicative approach with their new bug bounty program is good, but their attempts to shut down researcher tools like Corellium are bad,” said Wardle in a Wired report.

This month, Apple did take a few steps towards making its restrictive OS open to security researchers. It shared its plan to offer special iPhones to security researchers next year that will help them find security flaws and vulnerabilities in iOS. These devices will be given to researchers who report bugs through Apple’s bug bounty program for iOS, which was launched in 2016. At this year’s Black Hat conference, the company extended its use to cover macOS, Apple Watch, Apple TV, and more.

Read Motherboard’s full story on iOS 12.4 jailbreaking for more details.
