Apple Fixes Jailbreak Bug For the Second Time


Apple has released a new iOS security update designed to fix a jailbreak bug which it previously addressed and then accidentally rolled back.

The flaw itself, CVE-2019-8605, is a use-after-free vulnerability credited to Ned Williamson working on the Google Project Zero team.

The flaw, which could allow an attacker to execute arbitrary code with system privileges, was first reported to Apple by Williamson back in March. Some Apple users were apparently exploiting it to jailbreak their devices in order to run unsanctioned software on their kit.

Apple subsequently patched the bug with its 12.3 iOS version in May. However, earlier this month it unwittingly reintroduced the issue with version 12.4.

Security researcher Pwn20wnd released a free public jailbreak tool exploiting the issue.

Now the problem has been fixed for the second time thanks to the 12.4.1 update released by Apple on Monday. The Cupertino giant even thanked Pwn20wnd “for their assistance” in its update.

The patch doesn’t just mitigate the risk of users jailbreaking their iPhones and iPads. The vulnerability could also theoretically have been exploited by hackers to steal data from victims’ devices.   

Public jailbreaks are pretty rare, given that the community usually tries to keep any details secret so Apple doesn’t catch wind.

However, a Chinese security researcher in January released details of a remote jailbreak for iOS 12 on the iPhone X.

Alongside iOS 12.4.1, Apple released tvOS 12.4.1, watchOS 5.3.1 and macOS Mojave 10.14.6.

Products You May Like

Articles You May Like

Facebook Removes 16k Groups for Trading Fake Reviews
S3 Ep27: Census scammers, beg bounties and data breach fines [Podcast]
Nigerian fintech Appzone raises $10M for expansion and proprietary technology
African crypto usage spurs Luno as customers reach 7M
Watch Out! Mission Critical SAP Applications Are Under Active Attack

Leave a Reply

Your email address will not be published. Required fields are marked *