What you need to know
- Apple has apparently unpatched a vulnerability in iOS 12.4.
- This has prompted a new public jailbreak to be released.
- Security researchers are warning the unpatched vulnerability could lead to big problems for iPhone users.
A vulnerability that Apple previously patched has reportedly been mistakenly unpatched in iOS 12.4, making it possible to jailbreak modern iPhones.
According to Motherboard, security researchers discovered Apple's snafu over the weekend. A jailbreak from Pwn20wnd was then released on Monday, making it the first time a jailbreak has been publicly released in several years.
These days, jailbreaks are apparently kept private in an effort to keep Apple from discovering and patching exploits. As Motherboard points out, major iPhone exploits can sell for millions of dollars.
The latest jailbreak can supposedly be used with any device running iOS 12.4 (and below iOS 12.3). That's a big problem for Apple, according to Jonathan Levin, a security researcher who spoke with Motherboard. Because Apple mistakenly unpatched the vulnerability, devices running iOS 12.4 could be susceptible to exploits.
With the iPhone once again vulnerable, hackers could potentially "make a perfect spyware" through a malicious app. An exploit could also be placed on a malicious webpage, Motherboard's report said.
Now that the jailbreak has been made public, Apple will likely release iOS 12.4.1 to close the vulnerability. For now, be cautious of what app you install from the App Store, because any app could have a copy of the jailbreak in it, according to security researcher Stefan Esser.
Update August 20: Clarified language about which versions of iOS can be jailbroken.
Get the best of iMore in in your inbox, every day!
This article states that jailbreaking your device makes it vulnerable to an exploit, but Motherboard stated that if you're running 12.4 itself (unjailbroken) you're vulnerable to the exploit because of how they're now able to jailbreak it, so it's not the jailbreak that makes you vulnerable, just Apple's mistake. But hey, this is great news for the jailbreak community, and for people who don't want to jailbreak, the exploit will be fixed pretty soon, so that's great for everyone
I’m confused: how can the jailbreak be used “with any device running iOS 12.4 and below” if it was previously patched on, say, 12.3.1? There’s got to be some version range where you can’t install the jailbreak. Are there many phones within that range? Probably not, but still it’s inaccurate to say “all versions 12.4 and below” when there’s supposedly some version range where the jailbreak was blocked.
Thank you for signing up to iMore. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.