Apple iOS Patch Blunder Opens Updated iPhones to Jailbreaks

Apple accidentally re-introduced a vulnerability in its latest operating system, iOS 12.4, that had been previously fixed in iOS 12.3.

Apple’s most recent operating system update, iOS 12.4, accidentally reverted a fix that had been issued in a previous update — leaving devices vulnerable to code-execution and privilege-escalation attacks. The flaw also allows phones to be jailbroken — and a public jailbreak has just been released that takes advantage of it on phones running the latest version of iOS.

The blunder, first reported by Motherboard, means that Apple devices that are fully updated to the most recent iOS version are open to a vulnerability that had previously been patched in May as part of the iOS 12.3 update.

The flaw (CVE-2019-8605), a use-after-free issue in the kernel, could enable a malicious application to execute arbitrary code with system privileges on iOS devices, including the iPhone 5s and later, iPad Air and later, and the iPod touch sixth generation.

The bug was initially discovered by Google Project Zero researcher Ned Williamson, who after the initial patch published an exploit for iOS 12.2, dubbed “SockPuppet,” that utilized the vulnerability to “achieve the kernel_task port on iOS 12.2 on [the] iPhone 6S+.”

While Williamson’s exploit offered the ability to jailbreak iOS 12.2, on Aug. 18 a hacker under the alias “Pwn20wnd” released on GitHub various fine-tuned jailbreaks for the latest version of iOS, based on SockPuppet.

After its release, iPhone users flocked to Twitter to show their successful attempts at jailbreaking their own phones — a method to escape Apple’s limitations on what apps and code can run on the iPhone. It’s useful for those wanting to install custom code, add features or perform security research outside the purview of the Apple ecosystem.

“You will have to upgrade to iOS 12.4 if you are on iOS 12.3 to use the latest jailbreak – Enjoy,” said Pwn20wnd on Twitter.

Public iOS jailbreaks are not common, especially for up-to-date phones – in fact, this is the first public jailbreak released in years that addresses fully updated phones.

Malicious attacks on jailbroken phones allow privilege escalation and full compromise of Apple devices. Because this vulnerability could be exploited via a malicious app to jailbreak phones, security researchers like Stefan Esser are warning iPhone users on the most up-to-date version to be extra cautious of any apps they download – even those from the official App Store.

Blake Collins, research analyst at SiteLock, said in an email that the jailbreak makes phones an easier target for malware and spyware.

“In this instance with iOS 12.4, there was an internal misstep where important code was removed,” Collins said. “With this update, phones can be jailbroken again and are now vulnerable to spyware or worse. The implications for this are far-reaching.”

In addition, the vulnerability makes the personal and private data on vulnerable iPhones more accessible “in unforeseen ways,” he said.

“Photos, emails, phone numbers and possibly even banking data could be stolen if you installed an app that was able to exploit these escalated privileges,” said Collins. “For those who want to have the flexibility that comes with a jailbroken phone, it’s critical that you’re educated on all the vulnerabilities and security issues this opens up for you.”

Apple has not responded to a request for comment from Threatpost on the incident, or whether a patch is being released.
