New Apple Patch Corrects Security Flaw That Allowed iPhone Jailbreak, Hacking

Just about a week after accidentally reintroducing a bug that allowed for jailbreaking in the iPhone, Apple releases a new patch to fix the blunder.

New Patch Corrects Jailbreak Bug

Apple introduced the new patch in the iOS 12.4.1 released on Monday, Aug. 26.

According to an advisory following the update's release, Apple revealed the patch corrects the bug that could have allowed hackers or groups to execute code on the iPhone with system privileges.

These privileges allow for jailbreaking, which means users can bypass Apple's strict regulations on its devices. Some users prefer jailbreaking their phones to customize it to their liking or run applications that normally aren't allowed by the company for one reason or another.

The Mistake That Made Users Vulnerable To Pesky Bug

Apple released the iOS update 12.4 in July, but in doing so, the company made a serious misstep and reopened a bug that made the iPhone open to jailbreaking. Somehow, a gaping hole in the system that allowed jailbreaking in iOS 12.1.2 and was subsequently fixed in 12.2 and 12.3, was open again in iPhones that have been updated to iOS 12.4.

Hackers, including known jailbreak developer GeoSn0w, immediately released a jailbreak exploiting the loophole in the Apple system. The jailbreak works on nearly all iPhone models, except the newest ones iPhone XS, XS Max, and XR.

However, experts noted that Apple's mistake not only made it easier to jailbreak iPhones, but also to hack into iPhones.

"Due to 12.4 being the latest version of iOS currently available and the only one which Apple allows upgrading to, for the next couple of days (till 12.4.1 comes out), all devices of this version (or any 11.x and 12.x below 12.3) are jail breakable—which means they are also vulnerable to what is effectively a 100+ day exploit," Jonathan Levin, a security researcher and trainer specializing in iOS, told Motherboard. This means that the loophole can be exploited with code found more than 100 days ago.

Pwn20wnd, who is a security researcher developing iPhone jailbreaks, added in the same Motherboard report that hackers or organization could already have been taking advantage of Apple's misstep. For instance, spyware could target the bug in hopes of sneaking past the iOS sandbox and stealing user data or other malicious activities.

"It is very likely that someone is already exploiting this bug for bad purposes," the researcher added.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics