A hacker has released the first public jailbreak for modern iPhones in several years, according to a new report from Motherboard. The report details that with the release of iOS 12.4, Apple accidentally unpatched a vulnerability that it had originally fixed in iOS 12.3, opening the door for this jailbreak to be publicly released for iOS 12.4.
Security researcher Pwn20wnd has released a public jailbreak for iOS 12.4, which seemingly works on all recent iPhone models. This marks the first time in years that such a jailbreak has been released to the public. The jailbreak works on iOS 12.4 as well as any other version below iOS 12.3.
In general, jailbreak details are kept private to keep Apple from patching the underlying bug. Jailbreaks are also coveted among security researchers because “the ability to jailbreak an iPhone means the ability to hack it,” and such exploits can often sell for millions of dollars.
Numerous iPhone users have already taken to Twitter to show off their newly jailbroken devices, including the recent iPhone X and iPhone XR.
The bug in question was first reported to Apple by Google’s Project Zero team. Apple detailed the fix in the security release notes for iOS 12.4. Ned Williamson works for Google Project Zero and confirmed to Vice that the jailbreak worked on his iPhone XR.
Williamson also explained the security concerns that arise from Apple mistakenly unpatching the vulnerability:
“A user apparently tested the jailbreak on 12.4 and found that Apple had accidentally reverted the patch,” Williamson told Motherboard. The researcher told Motherboard that “somebody could make a perfect spyware” taking advantage of Apple’s mistake.
For example, he said, a malicious app could include an exploit for this bug that allows it to escape the usual iOS sandbox—a mechanism that prevents apps from reaching data of other apps or the system—and steal user data. Another scenario is a hacker including the exploit in a malicious webpage, and pairing it with a browser exploit, according to the researcher.
It’s likely that Apple will release iOS 12.4.1 in the coming days to re-fix this vulnerability. Until then, security researcher Stefan Esser recommends all users be wary of what apps they install from the App Store because “any such app could have a copy of the jailbreak in it.”