Botched Apple iOS 12.4 update leaves iPhones and iPads open to 'jailbreak'
Security flaw fixed in iOS 12.3 accidentally unpatched in iOS 12.4
A security flaw patched in iOS 12.3 and accidentally unpatched in iOS 12.4 allows targeted iPhones and iPads to be 'jailbroken', enabling attackers to implant malware or take control of the device.
The vulnerability was discovered over the weekend with the public release of a free jailbreak for the most up-to-date iPhones. It comes after researchers realised that a bug uncovered by a Google researcher and patched in iOS 12.3 had been unpatched in iOS 12.4, released in June.
Furthermore, because users can only upgrade their iOS systems to the latest operating system, anyone running an iPhone on a version earlier than iOS 12.3 is also vulnerable.
The latest exploit comes courtesy of a security researcher with the moniker 'Pwn20wnd', a jailbreak specialist who published his exploit code on GitHub. Because of the relatively high security of iOS, genuine iPhone jailbreaks can sell for millions of dollars on the black market. A public release is therefore extremely rare - but will put pressure on Apple to patch the operating system as soon as possible.
According to Motherboard, for organisations that target iPhones - for law enforcement, national security purposes, or to target dissidents and government opponents - the reintroduced security flaw means that iPhones can be targeted with carefully crafted bugs in the Safari web browser to "hack any up-to-date iPhone".
Google security researcher Ned Williamson confirmed the security flaw to Motherboard. He described it as an "accidental revert" of the patch introduced with iOS 12.3.
The last public iOS jailbreak came in September 2016 when a 19-year-old hacker claimed to have jailbroken an iPhone 7 in less than 24 hours.
Apple is currently working on a fix to reinstate its earlier patch.
The latest iPhones are expected to be released in the autumn, but without 5G support. 5G-compatible iPhones will be coming in 2020, however, along with 120Hz displays.