Boasted Apple A few days ago, with an extended program for finding security vulnerabilities, the iPhone maker made an embarrassing mistake. With iOS 12.4, the company opened a gap that had previously been closed with iOS 12.3.
iOS 12.4: Warmed up vulnerability allows jailbreak
Surprisingly, iOS developers had Ahmed Aldeab in the past hours notice that Apple In the recent update to iOS 12.4 a serious security vulnerability had reopened. The bug allows custom apps to execute arbitrary code on an iPhone or iPad, making it a critical bug.
Yes! Apple patched the bug in 12.3 and unpatched it in 12.4. https://t.co/GeqbgSBMWc
– Jake James (@Jakeashacks) August 18, 2019
This now again opened gap has the side effect that a jailbreak with iOS 12.4 is currently possible again. Excluded are only devices with Apple's A12 chip, such as the latest iPhone models – so the iPhone XS and XR.
A look into the near future, here are some of the new features of iOS 13:
Apple closes hole in iOS 12.3 and reopens it with iOS 12.4
As heise reports, the vulnerability (CVE-2019-8605) is a gap found by researcher Ned Williamson in collaboration with Google Project Zero, which was discovered and reported last spring Apple had reported. In Apple's security update documentation in iOS 12.3, the company writes about the error: "A maliciously crafted program may be able to execute arbitrary code with system privileges."
The problem is likely to please the jailbreak community, who can now update their old devices to iOS 12.4 and "unlock" them again. At the same time, however, it can pose a threat to ordinary iPhone users. So it is possible that one could exploit the gap in combination with another error – for example in WebKit – from the distance. It will not be long until then Apple iOS 12.4.1 offers for download.