Apple Accidentally Unpatches Vulnerability, Leading to New iOS 12.4 Jailbreak

MacRumors

macrumors bot
Original poster
Apr 12, 2001
7,407
8,482



Apple in iOS 12.4 mistakenly unpatched a vulnerability that was fixed in the iOS 12.3 update, leading to a new jailbreak available for iOS 12.4 devices, reports Motherboard.

Hackers discovered the vulnerability over the weekend and Pwn20wnd created a publicly available, free jailbreak that works on devices running the latest version of iOS or any version of iOS below iOS 12.3.


Most jailbreak code is kept private to keep Apple from patching it, so this is the first time that a public jailbreak has been available in a while. It was apparently discovered when a user tested an older jailbreak on iOS 12.4 and found the patch had been reverted.

Security researcher Jonathan Levin told Motherboard that the accidental vulnerability also once again makes iPhone users vulnerable to a "100+ day exploit," referring to how long the bug has been around.

Ned Williamson from Google Project Zero said that the bug could be exploited to install spyware on a target iPhone.
The researcher told Motherboard that "somebody could make a perfect spyware" taking advantage of Apple's mistake. For example, he said, a malicious app could include an exploit for this bug that allows it to escape the usual iOS sandbox--a mechanism that prevents apps from reaching data of other apps or the system--and steal user data.

Another scenario is a hacker including the exploit in a malicious webpage, and pairing it with a browser exploit, according to the researcher.
A third security researcher, Stefan Esser said that people should be careful what apps they download from the App Store right now. "Any such app could have a copy of the jailbreak in it," he wrote on Twitter.

Multiple users have confirmed that the jailbreak works and that their devices have been jailbroken using the new software. Apple has not commented on how or why the vulnerability was unpatched, but the company will likely have a fix available soon.

Article Link: Apple Accidentally Unpatches Vulnerability, Leading to New iOS 12.4 Jailbreak
 


realtuner

macrumors 65816
Mar 8, 2019
1,401
3,654
Canada
This is pretty ridiculous on Apple's part. I understand Apple develops parallel versions of iOS (12.3, 12.4, etc.) concurrently to reduce development time, but having one team not communicate with the other seems silly.
Source for your claim this is a result of someone not communicating with another.
 
  • Like
Reactions: DCW

Solver

macrumors 6502a
Jan 6, 2004
997
2,808
USA
This opportunity doesn’t appear very often.
Updated my iPhone 6 Plus and iPod touch 6 to iOS 12.4, then jailbroke them both.
These were never getting iOS 13.

I predict iOS 12.4.1 shortly.
 
Last edited:

Baymowe335

macrumors 603
Oct 6, 2017
5,156
9,030
This is pretty ridiculous on Apple's part. I understand Apple develops parallel versions of iOS (12.3, 12.4, etc.) concurrently to reduce development time, but having one team not communicate with the other seems silly.
This doesn’t mean the teams don’t communicate or are even different teams.

Stop oversimplifying. You don’t know.
 
  • Like
Reactions: sinsin07 and DCW

Killbynumbers

macrumors member
May 29, 2019
53
29
There was a time that I used to jailbreak every iPhone but the thrill left many years ago.

I still have two iPhone SEs jailbroken on iOS 11 and I haven't used them in over a year. I tried selling them as jailbreakable and got no interest in them. I have older iPhones i could still jailbreak now but I won't bother.
 
  • Like
Reactions: tridley68

AZMecha

macrumors regular
Jun 30, 2015
161
93
Cant figure out why anyone would need a jailbreak anymore...
Well as for widgets it is not needed any longer... I do miss the following

1:Bigafy allowed for adding more icons row and changing icon sizes.
2:Music downloader over SSH
3:Overall Themes There was a great batman one which was dark mode back on iPhone 4. awe memories...

:rolleyes::rolleyes:;);):apple::apple: