Apple on Monday released the iOS 12.4.1 update to fix an exploit that allowed hackers to jailbreak iPhones and install unapproved apps and services. Believed to have been first reported by Google’s Project Zero researcher, Ned Williamson, the vulnerability was earlier fixed in iOS 12.3, but is believed to have been reintroduced in version 12.4, rolled out last month.
The incoming update is available over-the-air, and can be accessed via Settings > General > Software Update. It is available to a number of devices, including the iPhone 5s and later, the iPad Air and later and the 6th-gen iPod touch. According to the company, the update brings improved memory management to address a ‘use after free’ issue to stop malicious applications from executing arbitrary code with system privileges.
According to Bleeping Computer, the flaw was discovered by hackers just days after the release of iOS 12.4, making it possible to jailbreak iPhones and iPads for the first time in years. The vulnerability was used by cyber-security researcher @Pwn20wnd to develop and release a jailbreak tool for up-to-date iOS devices. Tracked as CVE-2019-8605, the vulnerability was targeted by the Sock Puppet exploit for jailbreaking iOS devices.
On its official support pages, Apple acknowledged Project Zero’s Ned Williamson, as well as Pwn20wnd, for their contribution in finding and fixing this flaw before it could become a full-fledged security threat for millions of users around the world. While it enabled developers to create jailbreak tools, it could have also potentially allowed unscrupulous actors to create malicious iOS apps to target unsuspecting users, thereby jeopardizing their privacy and security.
