The release of iOS 12.4 in July came with a number of small fixes and improvements, but alongside these was one thing Apple didn’t intend: the update also inadvertently re-opened a security flaw that made it easier for up-to-date iPhones to be jailbroken.
Apple has now put out a new emergency patch – iOS version 12.4.1 – in response to the bug, which also happens to give hackers freer access to the accounts of iPhone users.
For some background, a jailbroken iPhone or iPad is one that has been altered in such a way as to allow the user (or third parties) to install apps that haven’t been approved by Apple and without going through the App Store, and to modify the devices in a variety of ways that aren’t typically allowed by the OS.
The bug was initially found by Ned Williamson working with Google Project Zero, who was thanked in Apple’s release notes for iOS 12.4.1 as having discovered that “a malicious application may be able to execute arbitrary code with system privileges”.
Also thanked in the notes is a security researcher who goes by the moniker Pwn20wnd and is responsible for first developing and publishing a working jailbreak for iOS 12.4. Speaking with Motherboard last week, Pwn20wnd stated that “it is very likely that someone is already exploiting this bug for bad purposes”.
If you’re a regular, non-jailbreaking user and your device hasn’t been updated to iOS 12.4.1 we’d strongly advise that you do so, as security expert have warned that it’s significantly easier for bad actors to sneak malicious code into apps while a public jailbreak is available.