Apple’s latest iOS update reportedly undid a patch that was introduced in the previous release, a mistake that allowed a security researcher to publish a jailbreak for the most up-to-date version of the operating system.
The unpatched vulnerability is CVE-2019-8605, an arbitrary code execution bug caused by a use-after-free condition. Working in tandem with Google Project Zero, security researcher Ned Williamson discovered the flaw and then, after Apple had fixed it, published a working exploit named SockPuppet.
The May 13 release of iOS 12.3 had repaired the problem with improved memory management, but according to Motherboard, researcher and iPhone jailbreak specialist Pwn20wnd found that the fix was reversed with the July 22 release of iOS 12.4. The researcher then publicly posted a jailbreak for iOS 12.4 on Monday, via GitHub.
iPhone users on social media reportedly confirmed that the jailbreak worked, allowing them to potentially remove some of Apple’s buttoned-down device management restrictions and install unauthorized software.
“The reason that jailbreaking went away was because there was more money in reporting or selling the exploits,” said Aaron Zander, head of IT at HackerOne, in comments emailed to SC Media. “People who did this eventually got hired, bought, or ceased and desisted to death by Apple. And, with the closure of the jailbreak equivalent of the app store, the community behind a lot of these groups has completely dissipated over the last half decade or so. A new jailbreak is a very cool thing to be public. Are there risks? Yes, but now they are known risks. A jailbreak is just an iOS vulnerability that the world knows about.”
However, there is a downside: The combination of a publicly known exploit and jailbreak toolkit gives malicious actors a lot of options to potentially attack unsuspecting iPhone users who thought they were doing the responsible thing upgrading to version 12.4. Users could potentially download an app containing the jailbreak code and quickly become compromised.
Indeed, Pwn20wnd reportedly told Motherboard that attackers could take advantage of this mistake to “make a perfect spyware.”
“Due to 12.4 being the latest version of iOS currently available and the only one which Apple allows upgrading to, for the next couple of days (till 12.4.1 comes out), all devices of this version (or any 11.x and 12.x below 12.3) are jail breakable, which means they are also vulnerable to what is effectively a 100+ day exploit,” said security researcher Jonathan Levin, per the Motherboard report.
SC Media has reached out to Apple for comment