Apple has released an iOS security update that patches a jailbreaking bug accidentally unpatched in a previous update.
Apple’s iOS version 12.4.1 released on August 26 patches a jailbreaking bug, which was accidentally unpatched in the previous iOS 12.4 update.
The jailbreaking bug in question was discovered by Google Project Zero security engineer Ned Williamson, and it could have allowed a “malicious application to execute arbitrary code with system privileges”. The bug was fixed in iOS 12.3 but was accidentally unpatched in iOS 12.4, which was released last month.
iOS jailbreaking is essentially removing software restrictions set by Apple. It allows one to install software that is unavailable through Apple’s App Store and modify the device in various ways. Apple regularly patches jailbreaking vulnerabilities in order to prevent users from bypassing its software restrictions and modifying their devices. Jailbreaking is appealing to many iPhone users because it gives them more control over their phones. However, it also comes with security risks as malicious actors can use jailbreaks to essentially take control over users’ iPhones.
Security researcher Pwn20wnd released a public exploit based on the bug in question after it was unpatched, and it could be used to jailbreak unpatched iPhones and allow users full control over their devices. It should be noted that the same jailbreak used by users themselves could also be used by malicious actors. That is why jailbreaks are usually kept secret and not released to the public by security researchers.
The researcher Pwn20wnd was acknowledged for their assistance in Apple’s security notice about the 12.4.1 update. Ned Williamson also received a thanks in the same notice for discovering the jailbreaking vulnerability.
Users who do not jailbreak their iPhones should install the update as soon as possible as malicious actors could slip malicious code into apps and essentially get control over the device.