iOS 12.4 Jailbreak Released After Apple Unpatches Older Bug

Apple

iOS safety investigator Pwn20wnd published a recentiOS version public jailbreak after Apple re-introduced aniOS 12.3 patch vulnerability, earlier applied to the iOS 12.2 jailbreak.

Besides the newly accessible jailbreak for Apple’s recentiOS release, it should also be regarded a critical vulnerability that could open the gates to prospective attackers targeting the company’s enormousiOS user base.

Security scientist Stefan Esser advised iOS consumers that once iOS 12.4 can be used by those wanting to jail it, anyone else could also use it, even through Apple App Store’s iOS applications.

Apple’s reintroduction of vulnerability is a free CVE-2019-8605 tracking use found by Google Zero’s Ned Williamson Project and patched by Apple with its May 13 launch of iOS 12.3.

This vulnerability created it possible for maliciously designed applications to run arbitrary code on iPhone 5s, later iPad Air and later on and iPod touch 6th generation using system privileges.

In July Williamson published an iOS 12.2 exploit, which was labeled SockPuppet, which hackers included in fresh jailbreaks targeted at thatiOS version until Apple patched it and published 12.3.

But in some way Apple reinstated the CVE-2019-8605 error in iOS 12.4, meaning that version 12.4 is the same feat used in 12.2.

Used by iOS-hacker and investigator Pwn20wnd, who developed and released on August 18 a fresh version, unc0ver v3.5.0 “with A7-A11 device iOS 12.4 support.”

Version 3.5.1 has now been published to solve reliability and random reboots to jail your 12.4 phones for individuals who use it. The latest unc0ver releases support iOS 11.0 through 12.4 in order to add insult to injury.

Pwn20wnd also decided to offer Apple credits in the changelog to reactivate the Sock Puppet exploit:

• Add the updated SockPuppet 3.0 exploit by @umanghere
• Remove the SockPort and SockPort2 exploits
• Update system-memory-reset fix to fix random reboots
• Add Apple to the credits section for development
• Fix error at stage 2 when jailbreaking after updating from a lower firmware while preserving the app data
• Fix the app crashing up on stared up on iOS 11

After the fresh Pwn20wnd jailbreak, many iOS users came to Twitter and said they tested it already, and it works like announced.

While this is a enormous mistake by Apple’s team, the business should release a very fast safety update earlier rather than later as itsiOS users are subjected to a enormous attack surface.

Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, She was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.