Apple accidentally rolls back security patch in iOS 12.4 update, making jailbreaking possible
Software updates usually bring new security updates and patch outstanding bugs, but Apple accidentally took a step backward with iOS 12.4. Released last month, iOS 12.4 reintroduced a security bug that was previously patched and can be used for jailbreaking, making a jailbreak possible on the newest version of iOS.
The security bug, which was fixed in iOS 12.3, was accidentally “unpatched” with the release of iOS 12.4. While this bug has raised concerns among security professionals, another community is ecstatic at the security hole: jailbreakers.
Often, exploits that can be used for jailbreaks are found on older versions of iOS and are usually only available to iOS users that haven’t updated their devices in months (or even years). The re-introduction of the exploit in iOS 12.4 marks the first time in years that a jailbreak is widely available on the latest version of iOS.
There are some caveats. Currently, the jailbreak is only available for devices running on Apple’s A8 SoC up to devices using the A11 Bionic SoC. That means the iPhone XR, XS, and XS Max (as well as the new iPad Pros) do not yet have a jailbreak.
Keep in mind that jailbreaking an iOS device leaves it less secure than one running “stock” iOS. Some researchers, like Google’s Ned Williamson, have confirmed that the exploit works on an iPhone XR, so a jailbreak for the newest devices is likely coming down the pipeline.
A jailbreak for compatible devices was published yesterday. The exploit could also be used by malicious parties to hack into a user’s iDevice and run arbitrary code. This could allow a hacker to take full control of an affected iPhone or iPad, so caution should be taken when using Safari or downloading suspicious apps.
Instructions on jailbreaking are beyond the scope of this article, and caution should be exercised should a user decide to jailbreak his device. Suffice it to say that the current jailbreak method for iOS 12.4, published by security researcher Pwn20wnd, is as simple as browsing to a webpage and downloading an app outside of the App Store. Those that are security conscious and have no interest in jailbreaking should update their phones to iOS 12.4.1, which will likely be available soon.