iOS 12.4 Jailbreak Released After Apple Unpatches Older Bug
upstart writes:
Submitted via IRC for SoyCow3196
iOS 12.4 Jailbreak Released After Apple Unpatches Older Bug
iOS security researcher Pwn20wnd released a public jailbreak for the latest stable iOS version after Apple reintroduced a vulnerability patched in iOS 12.3, previously exploited to jailbreak iOS 12.2.
Besides the newly available jailbreak for Apple latest iOS version, this should also be considered as a critical vulnerability reintroduced in Apple's mobile operating system that could open the doors to potential attackers targeting the company's huge iOS user base.
Security researcher Stefan Esser also warned iOS users in a tweet that once iOS 12.4 is exploitable by those who want to jailbreak it, anyone else could also do it, even via iOS apps released through Apple's App Store.
I hope people are aware that with a public jailbreak being available for the latest iOS 12.4 people must be very careful what Apps they download from the Apple AppStore. Any such app could have a copy of the jailbreak in it.
- Stefan Esser (@i0n1c) August 19, 2019
The vulnerability reintroduced by Apple is a use after free tracked as CVE-2019-8605 and discovered by Google Project Zero's Ned Williamson and patched by Apple with the iOS 12.3 release from May 13.
This security flaw made it possible for maliciously crafted apps to execute arbitrary code using system privileges on iPhone 5s and later, iPad Air and later, and iPod touch 6th generation.
Read more of this story at SoylentNews.