Apple accidentally rolls back security patch in iOS 12.4 update, making jailbreaking possible

An oversight by Apple caused an old security bug to be reintroduced with iOS 12.4. While the bug had been patched in iOS 12.3, the exploit is present in the latest operating system from Apple and can be used for jailbreaking on compatible devices. On the flip side, the security hole presents new risks; the bug can be used by malicious parties to hack into an iPhone or iPad running 12.4.

Sam Medley, Published 08/20/2019

Software updates usually bring new security updates and patch outstanding bugs, but Apple accidentally took a step backward with iOS 12.4. Released last month, iOS 12.4 reintroduced a security bug that was previously patched and can be used for jailbreaking, making a jailbreak possible on the newest version of iOS.

The security bug, which was fixed in iOS 12.3, was accidentally “unpatched” with the release of iOS 12.4. While this bug has raised concerns among security professionals, another community is ecstatic at the security hole: jailbreakers.

Often, exploits that can be used for jailbreaks are found on older versions of iOS and are usually only available to iOS users that haven’t updated their devices in months (or even years). The re-introduction of the exploit in iOS 12.4 marks the first time in years that a jailbreak is widely available on the latest version of iOS.

There are some caveats. Currently, the jailbreak is only available for devices running on Apple’s A8 SoC up to devices using the A11 Bionic SoC. That means the iPhone XR, XS, and XS Max (as well as the new iPad Pros) do not yet have a jailbreak.

Keep in mind that jailbreaking an iOS device leaves it less secure than one running “stock” iOS. Some researchers, like Google’s Ned Williamson, have confirmed that the exploit works on an iPhone XR, so a jailbreak for the newest devices is likely coming down the pipeline.

A jailbreak for compatible devices was published yesterday. The exploit could also be used by malicious parties to hack into a user’s iDevice and run arbitrary code. This could allow a hacker to take full control of an affected iPhone or iPad, so caution should be taken when using Safari or downloading suspicious apps.

Instructions on jailbreaking are beyond the scope of this article, and caution should be exercised should a user decide to jailbreak his device. Suffice it to say that the current jailbreak method for iOS 12.4, published by security researcher Pwn20wnd, is as simple as browsing to a webpage and downloading an app outside of the App Store. Those that are security conscious and have no interest in jailbreaking should update their phones to iOS 12.4.1, which will likely be available soon.

Source(s)

Motherboard

Apple software chief Craig Federighi confirmed Mac software vulnerability mid-May 2021 (Source: Wccftech)

It's official: The Mac has a security problem 05/20/2021

M1 Mac users can leverage Checkra1n to jailbreak their iDevices now (Image source: chekra.in)

iOS 14.5 can now be jailbroken with Checkra1n; M1 Macs get preliminary support 05/01/2021

The tfp0 bug that may lead to Jailbreak on A13 iOS devices. (Image via @ProteasWang on Twitter)

New exploit may lead to Jailbreak on A13 devices like the iPhone 11 04/21/2020

You can now sideload unverified apps on iOS without Jailbreak or revokes 04/12/2020

Hackers target legacy Windows PCs to mine crypto via BlueKeep exploit 11/06/2019

iOS 13.1.3 update damaging some iPhone 11 handsets 10/21/2019

A new vulnerability may open a way for a jailbreak for almost every iPhone ever made. (Image via Hindustan Times)

New exploit, dubbed checkm8, might lead to permanent jailbreak for multiple iPhone models 09/28/2019

An infected directory showing files with a

Lilu/Lilocked ransomware has now infected thousands of Linux servers 09/08/2019

The iPhone 11 series will get Wi-Fi 6, according to the latest leak 09/03/2019

Independent repair shops will soon be able to offer official iPhone replacement parts. (Image source: iFixit)

Apple: Independent repair shops to be allowed access to official iPhone spare parts 08/30/2019

Apple's next big launch event will take place on September 10. (Source: Apple)

Apple issues invites for a September 10 iPhone event 08/30/2019

The stylus might only be present on the iPhone 11 Max models. (Source: Mobilefun)

Olixar leaks iPhone 11 cases with stylus cutouts 08/22/2019

Keeping your Apple Card looking this good won't be easy. (Source: Apple)

Laughably, Apple's fancy titanium credit card can get discolored if left in a leather wallet 08/22/2019

Waze adds YouTube Music integration to its Android/iOS app 08/21/2019

Facebook paid human contractors to listen to and transcribe audio from users 08/14/2019

Security researchers load ransomware onto DSLR over WiFi and encrypt photos in WannaCry-styled attack 08/12/2019

Apps like Facebook Messenger and WhatsApp may need redesigns thanks to iOS 13's background access restrictions 08/07/2019

The in-app ad market is thought to keep growing in strenght until 2025. (Source: MarTech Today)

The in-app ad market may be worth well over US$200 billion by 2025 08/05/2019

The HomePod captured more inadvertant Siri recordings than other devices like the iPhone. (Source: Apple)

Apple suspends Siri eavesdropping program in wake of privacy scandal 08/02/2019

Apple revenue remains strong although iPhone sales continue to decline. (Source: Apple)

iPhone sales fall below half of Apple revenue for the first time since 2012 07/31/2019

Purism announces final specs of Librem 5 Linux phone, excepts to start shipments in Q3 of 2019 07/30/2019

The classic FPS titles Doom and Doom II go mobile

Doom and Doom II now available for iOS and Android 07/29/2019

Pokemon Masters pre-registration now live (Source: Pokemon Masters official site)

Pokemon Masters pre-registration has begun 07/24/2019

Researchers at Symantec discover media file vulnerability in WhatsApp and Telegram 07/17/2019

Kali Linux now available for Raspberry Pi 4 07/10/2019

The Qualcomm Secure Processing Unit is part of the SD 855. (Source: Qualcomm)

The Snapdragon 855 is the first mobile processor certified to be as secure as a smart card 06/26/2019

Apple iPhone XR Smartphone Review 10/28/2018

Apple iPhone XS Smartphone Review 09/22/2018

Apple iPhone XS Max Smartphone Review 09/22/2018

Apple iPhone X Smartphone Review 11/24/2017

Read all 1 comments / answer

Loading Comments

Comment on this article

Sam Medley - Senior Tech Writer - 1256 articles published on Notebookcheck since 2016

I've been a computer geek my entire life. After graduating college with a degree in Mathematics, I worked in finance and banking a few years before taking a job as a database administrator. I started working with Notebookcheck in October of 2016 and have enjoyed writing news and reviews. I've also written for other outlets including UltrabookReview and GeeksWorldWide, focusing on consumer guidance and video gaming. My areas of interest include the business side of technology, retro gaming, Linux, and innovative gadgets. When I'm not writing on electronics or tinkering with a device, I'm either outside with my family, enjoying a decade-old video game, or playing drums or piano.

Please share our article, every link counts!

.170

> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2019 08 > Apple accidentally rolls back security patch in iOS 12.4 update, making jailbreaking possible

Sam Medley, 2019-08-20 (Update: 2019-08-20)

Apple accidentally rolls back security patch in iOS 12.4 update, making jailbreaking possible

Source(s)

Related Articles