Old Vulnerability Allows Jailbreak in iOS 12.4
There is a vulnerability in iOS 12.4 that has already been fixed in an earlier version. This allows attackers to escape from the iOS sandbox via Safari. It is not known how the bug came back into the operating system, but hackers have now managed to make a jailbreak for it.
This makes it the first time in years that there is a working jailbreak for iPhones that work with modern versions of the mobile operating system. The jailbreak is made by Pwn20wnd. That group consists of a number of security researchers who often made jailbreaks, but for older versions of iOS. The current jailbreak runs on iOS 12.4, the most recent stable version of the mobile operating system. That version contains a bug that was already fixed in May in iOS 12.3. That bug is now back in iOS 12.4, although it’s not entirely clear how that happened. The researchers say they tried an old jailbreak version on the modern OS and found that the bug fix had been rolled back.
Hackers usually have to exploit vulnerabilities in operating systems to release jailbreaks. In recent years it has become increasingly difficult to find such vulnerabilities, and if they are found, they are worth much more money at Apple itself or in the market.
Details about the vulnerability are not known, but according to the makers it is a bug in the browser Safari. This would make it possible to escape from the sandbox, but the researchers immediately say that the bug is very difficult to exploit in practice. Also warn other security researchers that users should be careful about which apps they download from the App Store as they could potentially exploit the new vulnerability.
Apple has not yet responded. The company is expected to come up with a fix soon by releasing an update for iOS 12.4. That would make the jailbreak no longer work. Jailbreaking has become less and less popular in recent years. Mobile operating systems have implemented many of the features that jailbreakers initially released, and it is becoming increasingly difficult to find vulnerabilities for the operating system.