Someone could lose their job due to a disastrous oversight. Vulnerability testing specialists found that Apple accidentally removed a security patch in iOS 12.4, the latest version of its operating system, which could lead to a jailbreak by exploiting a recently corrected vulnerability.
Jailbreak is a hacking method that allows users to get a privilege escalation on a device to remove some software restrictions installed by companies, in this case Apple. Usually hackers resort to kernel patches that allow applications not available on official platforms to be installed, among other activities.
Over the weekend some hackers realized that vulnerability had reappeared in the operating system, so they decided to design a new jailbreak; in the end it was the vulnerability testing expert known as ‘Pwn20wnd’ who created this jailbreak, making it publicly available and mentioning that it is functional on any Apple device that trades with the latest version of iOS or any version of the system prior to iOS 12.3.
The hacker posted the code for his jailbreak on GitHub over the weekend, plus he’s been making some modifications. Jailbreak is available free of charge to anyone interested parties, although Pwn20nd requests donations via Patreon and PayPal.
Experts in vulnerability testing have found some interesting features in this jailbreak. First, hackers usually treat these developments discreetly, trying to prevent companies from discovering them. However, the hacker decided to make their work public after detecting the occurrence of the vulnerability. Cybersecurity specialist Jonathan Levin says this jailbreak could bring undesirable consequences for Apple users. According to the expert, this method exposes users to multiple security risks and vulnerabilities exploitation. In addition there is a risk that this error may be exploited to install spying software or any other malicious code on an iPhone.
Another variable that poses a potential risk to Apple users is the hacker’s decision to make this jailbreak publicly available because, using this method, threat actors with sufficient knowledge and skills could compromise the security of apps available on the App Store, Apple’s official platform. “Recently a jailbreak was revealed for iOS 12.4; Users are advised to stay alert and be wary of the apps available in the Apple Store, as anyone might include a copy of the jailbreak”, mentioned by the expert.
According to specialists in vulnerability testing from the International Institute of Cyber Security (IICS) the jailbreak has already been tested and appears to be fully functional exploiting the vulnerability of the iOS 12.4 update. So far the company has not issued an official statement regarding this incident, so the error remains uncorrected. It is expected in the next few hours or no later than a couple of days.
A couple of months ago, during the release of the beta version of the new iOS 13 operating system, a group of hackers managed to develop a jailbreak for this new system, just one day after the start of the beta test, demonstrating how complicated it has become for most companies stay one step ahead of hackers.