Skip to main content

Apple’s iOS 12.4 apparently unpatched a security flaw and enabled a jailbreak

It looks like the rollout of iOS 12.4 may not have been as smooth as Apple would have liked. According to a new report from Motherboard, Apple accidentally unpatched a security vulnerability with the release of iOS 12.4 — and that has lead to the first jailbreak for an up-to-date version of iOS in a number of years.

The bug itself was originally patched just one version before it, in iOS 12.3 — and as a result of the unpatching, any phone with iOS 12.4 can be jailbroken. In fact, a jailbreak for iOS 12.4 was publicly released to Github by Pwn20wnd, a security researcher known for developing iOS jailbreaks. Jailbreaking was still possible before, but you couldn’t be running the most recent version of iOS to do it.

A number of users on Twitter claimed that they successfully jailbroke their iPhone.

Of course, while a jailbreak is available, it’s generally not recommended to jailbreak your iPhone. Jailbroken devices are more susceptible to hacking in general, and as security researchers noted in the Motherboard report, hackers could even create malware that would allow them to put spyware on jailbroken devices.

It’s likely Apple is already working on a fix for the security bug, and will release it with iOS 12.4.1. It should be even easier for Apple to patch the issue than it normally would considering the fact that the bug was previously already patched.

So what does the security issue mean for the average user who doesn’t want to jailbreak their phone? Well, not much, except that you should be a little more careful downloading apps. While Apple’s App Store guidelines should keep users relatively safe, because the jailbreak is public, any app could have a copy of it in their code, according to security researcher Stefan Esser. It’s also a good idea to try and stick with well-known and reputable websites — as it’s possible that the exploit could be used on malicious web pages and paired with a browser exploit, according to Pwn20wnd in the Motherboard report.

As mentioned, it likely won’t take long before a patch is released — but until then, it’s worth being careful about what apps you download and websites you visit.

Editors' Recommendations