Amaya Toman Apple inadvertently exposed a vulnerability in iOS 12.4 that it had previously fixed in iOS 12.3. The mentioned error thus caused the jailbreak to be available for devices with iOS 12.4 installed. Hackers managed to uncover this bug over the weekend, and the Pwn20wnd group created a publicly available free jailbreak for devices running iOS 12.4 and iOS versions released before iOS 12.3. The discovery of the mentioned error most likely occurred when one of the users was trying to jailbreak his device with the iOS 12.4 operating system.
Jailbreaks are usually not very publicly available - this measure is intended to prevent Apple from patching the relevant vulnerabilities. At the same time, the renewed vulnerability exposes users to a certain security risk. iOS 12.4 is according to Apple Insider currently the only available full version of Apple's mobile operating system.
Ned Wiliamson of Google's Project Zero said that the flaw could be exploited to install spyware on affected iPhones, for example, and that someone could use the flaw to "create the perfect spyware". According to him, it could be, for example, a malicious application, with the help of which potential attackers could gain unauthorized access to sensitive user data. However, the bugs could also be exploited via a malicious website. Another security expert - Stefan Esser - in turn calls on users to be more careful when downloading applications from the App Store, until Apple successfully resolves the error.
The possibility of a jailbreak has already been confirmed by a number of users, but Apple has not yet commented on the matter. However, it can be assumed that it will soon release a software update in which the error will be fixed again.
Source: MacRumors
