Apple’s most recent iOS update — 12.4 — has reopened a vulnerability that was previously patched, making it easy to jailbreak iPhones and iPads.
As reported by Motherboard, hacker Pwn20wnd exploited the flaw to release a public version of the jailbreak on Monday, making it the first time an up-to-date firmware has been unlocked in years.
The SockPuppet flaw (CVE-2019-8605), found in March by Googler Ned Williamson, allows a malicious application to execute arbitrary code with system privileges. Although Apple fixed the issue in its May iOS 12.3 update, the iOS 12.4 release in July has reintroduced the bug.
The development comes as Apple announced it will distribute special iPhones with root access that are less restrictive than their consumer counterparts to security researchers.
Jailbreaking — analogous to rooting on Google’s Android — is a privilege escalation that allows iOS users to remove software restrictions imposed by Apple, thereby making it possible to bypass the company’s walled garden to add apps and other functions, including those from unofficial app stores.
The practice, it is to be noted, also voids your device’s warranty, as it’s a violation of Apple’s End User License Agreement that you agree to every time you purchase a new iPhone.
Furthermore, the perks come with inherent security risks that, coupled with Apple’s steady hardware and software lockdown of its ecosystem, have made it deliberately difficult to jailbreak devices.
Over the years, the cat-and-mouse game between Apple and the jailbreaking community has led to the company implementing a lot of popular tweaks out of the box, such as system toggles, lock screen widgets, screen recording, multitasking, and picture-in-picture mode on iPad.
As a result, the practice has fallen out of favor, leading to the closure of multiple alternative app stores.
While this news of new jailbreak has no doubt appeased enthusiasts, be warned that it’s a wild west with little to no rules, and, most importantly, no protections from malware. But now that Apple is aware of the exploit, it won’t be long before it’s patched again.
Update on Aug. 27, 9:15 AM IST: Apple has rolled out a fix to address the privilege escalation vulnerability that temporarily allowed hackers to jailbreak iPhones. Apple also acknowledged the hacker in its support note, stating “We would like to acknowledge @Pwn20wnd for their assistance.” The supplemental security updates iOS 12.4.1, watchOS 5.3.1, tvOS 12.4.1, and macOS 10.14.6 are available now.