The Cupertino giant Apple released iOS 12.4 last month, which contains a bug that was discovered by Google security researchers and subsequently squashed in iOS 12.3, according to a report by Motherboard.
The researcher who is working with Google’s Project Zero team to uncover a number of iOS flaws has confirmed that the once-patched exploit is now in play. Hackers have for the first time in years released a publicly available jailbreak for iPhones running up-to-date software, after Apple mistakenly unpatched a critical vulnerability in its most current iOS release.
“A user apparently tested the jailbreak on 12.4 and found that Apple had accidentally reverted the patch,” Williamson said in a statement to Motherboard.
It is worth mentioning here that jailbreaking, analogous to rooting on Google’s Android, is a privilege escalation that allows iOS users to remove software restrictions imposed by Apple, thereby making it possible to bypass the company’s walled garden to add apps and other functions, including those from unofficial app stores.
Apple’s accident opens the door to jailbreaks and the execution of malicious code, the report said. Security researcher Jonathan Levin told the publication that because iOS 12.4 is current, and the only version available from Apple, many iPhones and iPads running anything other than iOS 12.3 are vulnerable. Levin went on to say that the bug is a 100+ day exploit, or one that was discovered over 100 days ago.
Capitalizing on Apple’s mistake, researcher “pwn2ownd” released a free jailbreak — technically a new version of their ongoing project “unc0ver” — for iOS 12.4 on Monday, with a number of iPhone owners later reporting the software as functional. He told Motherboard that a bad actor could leverage the snafu to “make perfect spyware,” adding that “it is very likely that someone is already exploiting this bug for bad purposes.”
Pwn2ownd offered up the example of a malicious app that exploits the vulnerability to escape Apple’s iOS sandbox, allowing it to glean sensitive user data. Alternatively, a malicious webpage might combine the same bug with a browser exploit to achieve a similar effect.
Apple has yet to comment on the issue.