Skip to main content

iOS 12.4 jailbreak publicly released after Apple mistakenly unpatches vulnerability

A hacker has released the first public jailbreak for modern iPhones in several years, according to a new report from Motherboard. The report details that with the release of iOS 12.4, Apple accidentally unpatched a vulnerability that it had originally fixed in iOS 12.3, opening the door for this jailbreak to be publicly released for iOS 12.4.

Security researcher Pwn20wnd has released a public jailbreak for iOS 12.4, which seemingly works on all recent iPhone models. This marks the first time in years that such a jailbreak has been released to the public. The jailbreak works on iOS 12.4 as well as any other version below iOS 12.3.

In general, jailbreak details are kept private to keep Apple from patching it. Furthermore, jailbreaks are coveted among security researchers because “the ability to jailbreak an iPhone means the ability to hack it,” and exploits can often sell for millions of dollars.

Numerous iPhone users have already taken to Twitter to show off their newly-jailbroken devices, including the recent iPhone X and iPhone XR.

The bug in question was first reported to Apple by Google’s Project Zero team. Apple detailed the fix in the security release notes for iOS 12.4. Ned Williamson works for Google Project Zero and confirmed to Vice that the jailbreak worked on his iPhone XR.

Williamson also explained the security concerns that arise because of Apple mistakenly un-patching the vulnerability:

“A user apparently tested the jailbreak on 12.4 and found that Apple had accidentally reverted the patch,” Williamson told Motherboard. The researcher told Motherboard that “somebody could make a perfect spyware” taking advantage of Apple’s mistake.

For example, he said, a malicious app could include an exploit for this bug that allows it to escape the usual iOS sandbox—a mechanism that prevents apps from reaching data of other apps or the system—and steal user data. Another scenario is a hacker including the exploit in a malicious webpage, and pairing it with a browser exploit, according to the researcher.

It’s likely that Apple will release iOS 12.4.1 in the coming days to re-fix this vulnerability. Until then, security researcher Stefan Esser recommends all users be wary of what apps they install from the App Store because “any such app could have a copy of the jailbreak in it.”

FTC: We use income earning auto affiliate links. More.

Jamf
You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Subscribe to 9to5Mac on YouTube for more Apple news:

Comments

Author

Avatar for Chance Miller Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications