Roughly a week after it was reported that Apple’s iOS 12.4 update unpatched a vulnerability that allowed for jailbreaking (and was previously fixed in an earlier update), the company has released a patch to again fix the bug after the issue was flagged by security researchers.
Apple on Tuesday released its iOS 12.4.1, which re-patches the vulnerability that was initially fixed in iOS 12.3 but was undone in July with the release of 12.4, as Motherboard previously reported. Apple said in its advisory that the patch addressed the issue that could have allowed a bad actor “to execute arbitrary code with system privileges.”
Jailbreaking, while it certainly has its perks — such as giving users more control over their devices for adding customisation and otherwise prohibited apps that may not necessarily be to Apple’s liking — it also comes with added security risks.
Speaking with Motherboard last week, security researcher Jonathan Levin said that with “12.4 being the latest version of iOS currently available and the only one which Apple allows upgrading to, for the next couple of days (till 12.4.1 comes out), all devices of this version (or any 11.x and 12.x below 12.3) are jail breakable — which means they are also vulnerable to what is effectively a 100+ day exploit.”
I can confirm the exploit was patched in iOS 12.4.1 - - Stay on iOS 12.4!
— Pwn20wnd is reviving 0-Days (@Pwn20wnd) August 26, 2019
Security researcher Pwn20wnd — who released a public jailbreak last week for users running the latest version of iOS — was given a hat tip “for their assistance” in Apple’s security notice this week. An Apple spokesperson confirmed by email that the vulnerability that allowed jailbreaking had been fixed, as per its notice, but declined to discuss the issue any further.
So if you care about security, make sure you update your iPhone. If you care about jailbreaks, make sure you avoid the update like the plague because you never know how long it will take for you to get another opportunity.