Technology

Apple mistakenly unpatches iOS 12.4 vulnerability that let hackers jailbreak your iPhone again

The Cupertino giant Apple released iOS 12.4 last month, which contains a bug that was discovered by Google security researchers and subsequently squashed in iOS 12.3, according to a report by Motherboard.

The researcher who is working with Google’s Project Zero team to uncover a number of iOS flaws have confirmed the once-patched exploit is now in play. Hackers have for the first time in years released a publicly available jailbreak for iPhones running up-to-date software after Apple mistakenly unpatched critical vulnerability in its most current iOS release.

“A user apparently tested the jailbreak on 12.4 and found that Apple had accidentally reverted the patch,”
Williamson said in a statement to Motherboard.

It is worth mentioning here that jailbreaking, analogous to rooting on Google’s Android, is a privilege escalation that allows iOS users to remove software restrictions imposed by Apple, thereby making it possible to bypass the company’s walled garden to add apps and other functions, including those from unofficial app stores.

Apple’s accident opens the door to jailbreaks and the execution of malicious code, the report said. Security researcher Jonathan Levin told the publication that because iOS 12.4 is current, and the only version available from Apple, many iPhones and iPads running anything other than iOS 12.3 are vulnerable. Levin went on to say that the bug is a 100+ day exploit, or one that was discovered over 100 days ago.

Capitalizing on Apple’s mistake, researcher “pwn2ownd” released a free jailbreak — technically a new version of their ongoing project “unc0ver” — for iOS 12.4 on Monday, with a number of iPhone owners later reporting the software as functional. He told Motherboard that a bad actor could leverage the snafu to “make perfect spyware,” adding that “it is very likely that someone is already exploiting this bug for bad purposes.”

Pwn2ownd offered up the example of a malicious app that exploits the vulnerability to escape Apple’s iOS sandbox, allowing it to glean sensitive user data. Alternatively, a malicious webpage might combine the same bug with a browser exploit to achieve a similar effect.

Apple has yet to comment on the issue.

Sponsored
Sajeel Syed

I am a writer at TechJuice, overseeing IT, Telecom, Cryptocurrency, and other tech-related features here. When I'm not working, I spend some of my time with good old Xbox 360 and the rest in social activism. Follow me on Twitter: https://twitter.com/sajeelshamsi

Share
Published by
Sajeel Syed

Recent Posts

What’s New in iOS 18.2.1? Here’s What You Should Know

iOS 18.2 introduces thrilling new features like Visual Intelligence, Image Playground, and upgraded writing tools.…

9 mins ago

Federal Govt Official Urges ‘Less’ Internet Use, Only for Important Matters

On Sunday, Syed Sajid Mehdi, Pakistan's Parliamentary Secretary for the Cabinet Division, proposed a solution…

25 mins ago

Federal Government Announces December 25 as Public Holiday

ISLAMABAD: The federal government has declared December 25, 2024, as a public holiday to mark…

29 mins ago

Samsung Terminates Employees Over Galaxy S25 Ultra Images Leak

An early setback occurred for Samsung's much anticipated Galaxy S25 series when unauthorized photographs of…

47 mins ago

NADRA Warns Against Excessive Photocopying of Sensitive Documents

ISLAMABAD: According to a public advisory from the National Database and Registration Authority (NADRA), Pakistani…

1 hour ago

Phase 2 of Honhar Scholarship Program Officially Launched

The Honhar Scholarship Program Phase II, inaugurated by Chief Minister Maryam Nawaz Sharif of Punjab,…

2 hours ago