The latest version of Apple’s mobile operating system released late last month reintroduced a critical security bug that makes all iPhones and iPads that updated to iOS 12.4 vulnerable to malicious hackers.
iOS 12.4, the latest version of the OS, includes a vulnerability first found by a Google engineer, that allows users to jailbreak their iPhone. What’s more, the bug puts the security of iPhone users at risk, too.
Apple had fixed the issue in iOS 12.3, but the company has seemingly reversed the patch, allowing for it to be exploited again. So until Apple releases an update to iOS 12.4, all the latest iPhones can be jailbroken and even worse, hacked. Ned Williamson, who works at Google Project Zero, told Motherboard that anyone could make “perfect” spyware that uses the bug to escape the iOS sandbox and steal user data.
Williamson released an iOS 12.2 exploit in July and dubbed it SockPuppet, an exploit which was included by hackers as part of new jailbreaks targeting that iOS version until Apple patched it and released 12.3.
However, somehow Apple reintroduced the CVE-2019-8605 flaw in iOS 12.4, which means that the same exploit used in 12.2 now works on version 12.4.
This was used by iOS hacker and researcher Pwn20wnd who created and published a new version of its jailbreaking tool, unc0ver v3.5.0, “with iOS 12.4 support for A7-A11 devices” on August 18.