
A previously patched vulnerability has been discovered in iOS 12.4. It made it possible to release a jailbreak for the current iOS version for the first time in several years.

Before that, researchers usually lagged several versions behind, and Apple quickly patched vulnerabilities.

The hacker Pwn20wnd has, for the first time since iOS 10, released a jailbreak for the current version of iOS, 12.4. He bypassed the protections thanks to a bug that Apple fixed in iOS 12.3 but that returned in the latest update. Motherboard reported this.

As security researchers noted, the bug in iOS 12.4 makes it possible not only to jailbreak iPhones but also to hack them. Attackers can take advantage of this, for example, to install spyware on users’ devices without their knowledge.

According to cybersecurity researcher Ned Williamson, hackers can release a malicious application that escapes the iOS sandbox, the mechanism that prevents applications from accessing each other’s data and stealing information. Williamson also believes that attackers can use a malicious site in combination with a vulnerability in Safari.

Pwn20wnd believes that someone is probably exploiting this bug for malicious purposes. He told Motherboard that any organization specializing in iPhones can now hack any relevant device, including remotely.

Cybersecurity experts have warned users to pay attention to which applications they download from the App Store. As Stefan Esser noted, any of them may contain a copy of the jailbreak.

Apple closed the vulnerability more than 100 days ago in the iOS 12.3 update, before it became publicly known. A Google employee had reported the bug to the company.

The reason the vulnerability is present in the latest version of iOS is unknown. Researchers suggest that it happened by accident. Apple did not respond to Motherboard’s request for comment.

Pwn20wnd’s release is the first free and public jailbreak in many years. Recently, Apple has stayed ahead of hackers, closing with each update the vulnerabilities that made it possible to hack the system.

Because of the company’s actions, researchers stopped publicly reporting vulnerabilities and releasing jailbreaks that would stop working after a few weeks. Instead, they began selling critical vulnerabilities on the black market for millions of dollars.
