Apple mistakenly made the iPhone easier to hack by reintroducing a vulnerability that it had already fixed. Hackers quickly took advantage of this and released a jailbreak for iOS, the first free public jailbreak for the iPhone in recent years.
Security experts found that the iOS 12.4 update reintroduced a bug previously discovered by Ned Williamson of Google Project Zero and fixed in iOS 12.3. A jailbreak for iOS 12.4 was published almost immediately.
The developer of the jailbreak utility, who goes by the nickname Pwn20wnd, claims that the program successfully exploits the SockPuppet vulnerability on iOS 12.4 and can unlock the device, which allows any third-party software to be installed and run.
According to Motherboard, Ned Williamson has confirmed that the old exploit, for a bug Apple had once fixed, works on his iPhone XR.
“The user apparently tested the jailbreak on 12.4 and found that Apple accidentally restored the vulnerability,” Williamson said.
Pwn20wnd, who developed the jailbreak, believes that “someone can create the perfect spyware program” using Apple's mistake. For example, he said, a malicious application can bypass the mechanism that prevents access to other applications' data or to system data, which makes theft of user data possible.
“It’s very likely that someone is already using this error for personal gain,” said Pwn20wnd.
Several iPhone users on Twitter said they had successfully jailbroken their iPhones using the Pwn20wnd jailbreak. iPhone security experts warn users to be careful about which applications they download.
“I hope that users know that after the release of the public jailbreak available for the latest version of iOS 12.4, they should be very careful about the applications that they download from the Apple App Store,” wrote Stefan Esser, a well-known developer who teaches iOS hacking, on Twitter. “In any such application, there may be a copy of the jailbreak.”