iPhone Warning: Apple Blunder Spawns New Jailbreak, Security Threats

iPhone Warning: Apple Blunder Spawns New Jailbreak, Security Threats

A rare pubic jailbreak for the most up-to-date version of iOS is circulating online after it was found that the recently released iOS 12.4 undid a patch in iOS 12.3.

Researchers warn users to be cautious about installing apps from the App Store until Apple releases a patch.

Motherboard reports that hackers released a jailbreak for iOS 12.4 on Monday after discovering over the weekend that Apple reintroduced a bug that was patched in iOS 12.3.

That bug was discovered by Ned Williamson, a Google security engineer who works with Google Project Zero. Apple patched the issue in iOS 12.3 on May 13 and two months later Williamson published an exploit for iOS 12.2 – dubbed SockPuppet – using the bug.

Apple Security
Apple then released iOS 12.4 on July 22 with fixes for several zero-click vulnerabilities also found by Google Project Zero, minus the one Williamson reported.

Over the weekend a hacker who goes by the name Pwn20wned began refining jailbreaks based on SockPuppet so they support a wider variety of Apple’s A processors used in iOS devices.

Some hackers like to jailbreak their own iPhones so they modify iOS and install apps outside the App Store. However, Apple cautions against the practice because it does introduce security vulnerabilities.  

Pwn20wnd told Motherboard that an attacker who used the jailbreak could create “perfect spyware” in the form of a malicious iOS app that escapes Apple’s sandbox and can access data from other installed apps.     

People using iOS 12.4 or iOS 12.2 and below should be careful with what they download from the App Store in coming weeks because an app could include the jailbreak, according to security researcher Stefan Esser.

That could be an easier task than normal because of the timing of events. Williamson published his iOS 12.2 exploit well after Apple released iOS 12.3, but that exploit code has now been available for hackers to test for several weeks before a patch is available. Presumably Apple will release a fix in iOS 12.4.1.

Williamson has also confirmed his exploit for iOS 12.2 does work on iOS 12.4.

Source: ZDNet

    Popular posts

    Related posts