Following Apple’s update to iOS 12.4.1, Apple was able to close a security hole that allowed a hacker to create and release a working public jailbreak for a fully updated iPhone. This jaibreak allowed for unofficial software to be installed that bypassed Apple’s strict controls and potentially makes it easier for the handsets to be maliciously hacked.
Still, this jailbreak might have been more of a gift than Apple expected, as it provided something for Apple to learn from.
“For any device, the goal of a jailbreak is to find a loophole in coding to jump over any restriction that the manufacturer has put on it”, says Ayman El Hajjar, a lecturer in computer science and engineering at the University of Westminster. “Basically, what jailbreaking does is escalate privilege – it means it means the operating system security precautions are removed, and you are able to overcome them.”
The jailbreak was centered around the SockPuppet vulnerability, which was located by Google hacker Ned Williamson. Apple had first fixed the issue in iOS 12.3, but accidentally reintroduced the issue in iOS 12.4, which was released in June. This weakness let an attacker corrupt the phone’s kernel memory, allowing a security researcher, called Pwn20wnd, to develop and publish an iPhone jailbreak.
The last time the newest version of iOS was open to jailbreak vulnerability was in 2015, under iOS 9, and only for seven days.
According to Thomas Reed, director of Mac and mobile at Malwarebytes, additional benefits of this error include the ability for security researchers to be able to more closely study the iOS and its potential vulnerabilities. Apple also stated this month that it would distribute less restricted iPhones to security researchers as part of its but bounty program.
Stay tuned for additional details as they become available.
Via Wired