Recently, Apple made a mistake while updating to its new 12.4 iOS version. They accidentally unpatched a previous bug that was present in iOS version 12.3. After a hacker tested this vulnerability, a new iOS Jailbreak was released from his side that affects the latest version 12.4 iOS.
Jailbreaking an Apple device can allow the users to perform all the functions that a user is generally unable to do due to Apple’s security risks. Jailbreaking allows the user to download programs from untrusted sources, which can lead to further security issues to the device. Once Apple’s device is Jailbreaked, Apple’s security no more protects the phone.
The hacker publicly released this Jailbreak on GitHub. It is given the name “unc0ver 3.5.0”. The following iOS Jailbreak version can affect the security of any Apple device that runs on the latest version. Apple iPhones, iPods, iPads can easily become a part of this new iOS jailbreak.
An unidentified person, having a cyber name “Pwn20wnd”, found the vulnerability in the iOS kernel that was reported by Ned Williamson previously this year. The hacker used the same vulnerability again to release the Jailbreak publicly after Apple mistakenly un-patched it.
The vulnerability is designated as CVE-2019-8605. The following vulnerability allows a program to run arbitrary code on Apple’s device with system permissions. These permissions are not just exploited to Jailbreak Apple’s device, but they can also make your device vulnerable to the attacker for more dangerous attacks.
Researchers moreover said that the vulnerability is not only exploitable by embedding the code to a program, but, it can also be exploited in Apple’s Safari browser when combined with sandbox bypass flaw.
Apple users are claiming on twitter that they used the GitHub method given by the hacker, and they successfully performed the iOS Jailbreak.
Apple is working on the issue to get it patched. As Apple does not allow its users to downgrade their devices to the previous iOS version, Thus, those users with the latest version have this vulnerability in their devices whereas the devices with the older 12.3 iOS versions are not at risk.
They will fix the issue in their upcoming update, which they will push to their users very soon. The iOS 12.4.1 will be released, and the issue will be fixed as Apple will re-patch the mistakenly unpatched vulnerability. Until then, you are recommended to be aware when you install any app from Apple’s App Store.