Credits: The Register
iPhone hackers have discovered Apple’s most recent iOS update, 12.4, released in July, accidentally reopened a code-execution vulnerability that was previously patched – a vulnerability that can be abused to jail-break iThings.
Pwn20wnd, the developer of the iPhone jail-breaking tool unc0ver, says the newest version of their software, 3.5.2, successfully exploits the SockPuppet flaw on iOS 12.4 to unlock a fully patched, up-to-date device from the walled garden of Apple’s App Store, thus allowing any third-party software, good and bad, to be installed and run.
The SockPuppet hole was found and reported to Apple in March by Googler Ned Williamson, and patched in May by the Cupertino giant with its iOS 12.2 release, locking out the jail-break tool. Then the iOS 12.4 release came along in late July, and broke that patch, allowing a slightly tweaked unc0ver to run as before.
So, basically, if you’re using iOS 12.3 or 12.2, update to iOS 12.4 and jail-break your handset, if you so wish, or go ahead right now if you’re already running iOS 12.4. It’s not generally recommended for security reasons, though; be aware of the risks and benefits before diving in.
“It was a wild ride… I was utterly unprepared for something like this,” Pwn20wnd wrote. “I had to re-schedule almost everything to test this before release.”
And why is this of any importance to those who don’t jail-break their phones? The techniques used to jail-break handsets require some level of arbitrary code execution to succeed. It is understood that government surveillance and phone-unlocking tools can potentially use these types of code-execution flaws to carry out their snooping.
When an iOS update “breaks” a jail-break tool, it is usually because Apple has patched the vulnerability that was used to compromise the device. It seems that, in this case, one of those fixes has failed.
To put it another way, iOS 12.4, released on July 22, has apparently reopened an arbitrary code-execution flaw that Apple had previously patched as a security concern. And unc0ver, which can exploit that reopened hole, is open-source, so miscreants can find and reuse the exploit code needed to compromise a victim’s device via the flaw. It is also worth noting that this is the first time in years that jail-breakers have had a working exploit for the latest, fully-patched version of iOS.
The Register has asked Apple for comment on the matter, and has yet to hear back at the time of publication.