Posted on August 20, 2019 at 6:02 PM
Apple has made sure that iOS is one of the most secure operating systems for mobile devices, which is not the case with Android for example. However, and for the first time in years, hackers released a jailbreak for iPhones that is now widely available. As it turns out, Apple unpatched a crucial vulnerability by mistake in its latest iOS release and that has triggered the situation.
The company’s newest release, which came in July as iOS 12.4, has a crucial bug that researchers and specialists related to Google spotted and squashed in iOS 12.3, per a report from Motherboard.
Back in Play
Therefore, the vulnerability that was once patched and Apple thought it was over is now back in play. That was confirmed by Ned Williamson, who worked with Google’s Project Zero staff to discover several flaws present in iOS.
Williamson said that the revelation of the patch was an accident. A user testing the jailbreak on the 12.4 version found out that the tech company had mistakenly reverted the patch, Williamson is quoted by Motherboard.
The unfortunate accident has now paved the way not only for jailbreaks but also for the execution of malicious code, per the report. According to cybersecurity expert Jonathan Levin, since iOS 12.4 is the current implementation of the operating system and the only one available from Apple, numerous iOS-powered devices that are using anything other than iOS 12.3 are exploitable.
Per Levin, it means that for a few days, before the 12.4.1 version meets the market, every iOS device of that version or any 11.x and 12.x below 12.3 are effectively jail breakable. Not only that but also they are considerably easier to hack.
A 100+ Day Exploit
To make matters worse, Levin also told the mentioned publication that the vulnerability is a 100+ day exploit, which means that it was discovered more than 100 days ago.
Seeing as Apple had “screwed up” with the botched patch, a known researcher named “pwn2ownd” released a free jailbreak for iOS 12.4, or basically a newer version of the in-progress project “unc0ver.”
Numerous iPhone users reported the software as perfectly functional after that happened. The researcher also told the publication that a malicious agent or hacker could take advantage of the situation and develop the perfect spyware and that the odds of a person already exploiting the vulnerability to do something bad or illegal are actually quite high.
The expert exemplified the situation with a malicious app that takes advantage of the bug in order to escape Apple’s iOS sandbox to glean crucial user information. At the same time, a dubious website may be able to leverage the vulnerability to use it in a browser exploit with a similar objective.
A Delicate Situation
For quite some time, security researchers have treated jailbreaks with extreme caution because jailbreaking an iPhone could also mean that the device is prone to be hacked. Additionally, these exploits are incredibly profitable and can be sold for millions, meaning that nobody has wanted to release jailbreak code publicly because the tech company will act quickly to develop a patch.
People with knowledge on the matter but with a preference to stay under anonymity have stated that institutions and organizations with the required knowledge to target iPhones are now able to use a vulnerability in the Safari web browser to hack any update device.
Experts in iPhone security are recommending users that have successfully jailbroken the device to proceed with caution, especially when it comes to which apps and services they download.
Be Careful With What You Obtain
Famous researcher and iOS hacking expert Stefan Esser warned people that are aware of the publicly available jailbreak to be careful with what the get from the App Store because any such app may have a copy of the jailbreak in it.
The situation has enabled the alarms in the cybersecurity community, especially given that Apple has not provided a comment on the ongoing issue and it is unclear if it is going to make one at all.