Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple accidentally unpatches iOS vulnerability, hacker creates new jailbreak

Mikey Campbell |

Researcher "pwn2ownd" on Monday released a new version of the "unc0ver" jailbreak with support for iOS 12.4.

Last updated

Hackers have for the first time in years released a publicly available jailbreak for iPhones running up-to-date software after Apple mistakenly unpatched a critical vulnerability in its most current iOS release.

Apple's iOS 12.4, released in July, contains a bug that was discovered by Google security researchers and subsequently squashed in iOS 12.3, reports Motherboard.

Ned Williamson, who is credited as working with Google's Project Zero team to uncover a number of iOS flaws, confirmed the once-patched exploit is now in play.

"A user apparently tested the jailbreak on 12.4 and found that Apple had accidentally reverted the patch," Williamson said in a statement to Motherboard.

Apple's accident opens the door to jailbreaks and the execution of malicious code, the report said. Security researcher Jonathan Levin told the publication that because iOS 12.4 is current, and the only version available from Apple, many iPhones and iPads running anything other than iOS 12.3 are vulnerable. Levin went on to say that the bug is a 100+ day exploit, or one that was discovered over 100 days ago.

Capitalizing on Apple's mistake, researcher "pwn2ownd" released a free jailbreak — technically a new version of their ongoing project "unc0ver" — for iOS 12.4 on Monday, with a number of iPhone owners later reporting the software as functional. He told Motherboard that a bad actor could leverage the snafu to "make a perfect spyware," adding that "it is very likely that someone is already exploiting this bug for bad purposes."

Pwn2ownd offered up the example of a malicious app that exploits the vulnerability to escape Apple's iOS sandbox, allowing it to glean sensitive user data. Alternatively, a malicious webpage might combine the same bug with a browser exploit to achieve similar effect.

Apple has yet to comment on the issue.

16 Comments

racerhomie3 8 Years · 1264 comments
About

Fools, who think to get out of apple’s restrictions should realize ,there are bad actors around the globe willing to make money from your foolish decisions. If you love your customizability & piracy a lot please use android & windows. Stop spending $1000 on iPhones & get that $50 freedom phone. Just remember, those freedoms have consequences. 

3 Likes · 0 Dislikes
markbyrn 15 Years · 662 comments
About

Might have mentioned that the vulnerability does not affect newer hardware running on the A12 chip - at least in terms of allowing a viable jailbreak.  Even Forbes and it's hysterical "Apple's Unforgiveable Mistake" article noted it.  

8 Likes · 0 Dislikes
CloudTalkin 6 Years · 919 comments
About

Fools, who think to get out of apple’s restrictions should realize ,there are bad actors around the globe willing to make money from your foolish decisions. If you love your customizability & piracy a lot please use android & windows. Stop spending $1000 on iPhones & get that $50 freedom phone. Just remember, those freedoms have consequences. 

What does any of that rhetoric actually mean?  Jailbreaking has been a thing for almost as long as the iPhone has been a thing.  None of that doom and gloom you're implyng has occurred any more than it has occurred with non-jailbroken devices.  You're kinda just spreading FUD.  If someone buys an iPhone and wants to jailbreak, more power to 'em.  It's their money, their phone, their choice.  Since Apple has incorporated a lot of features from the jailbreak community, it's a less attractive proposition these days.  That doesn't mean we should resort to fear mongering if we don't agree with jailbreaking.  

markbyrn said:
Might have mentioned that the vulnerability does not affect newer hardware running on the A12 chip - at least in terms of allowing a viable jailbreak.  Even Forbes and it's hysterical "Apple's Unforgiveable Mistake" article noted it.  

Outside of being embarrassing, it's really not that big of a deal.  Jailbreaking was never a huge thing.  This won't make it any more significant.  They will repatch the unpatch and life will continue on unabated.  Emphasis on the A12 isn't really that important either considering the vast majority of iPhones in the wild don't run on the A12... on the R, S, and the Max.  

8 Likes · 0 Dislikes
macseeker 9 Years · 542 comments
About

Well, the Tibetan monk walk is still alive. Two steps forward, one step backwards.

2 Likes · 0 Dislikes
knowitall 12 Years · 1648 comments
About

AppleInsider said:
Hackers have for the first time in years released a publicly available jailbreak for iPhones running up-to-date software after Apple mistakenly unpatched a critical vulnerability in its most current iOS release.

unc0ver
Researcher "pwn2ownd" on Monday released a new version of the "unc0ver" jailbreak with support for iOS 12.4.


Apple's iOS 12.4, released in July, contains a bug that was discovered by Google security researchers and subsequently squashed in iOS 12.3, reports Motherboard.

Ned Williamson, who is credited as working with Google's Project Zero team to uncover a number of iOS flaws, confirmed the once-patched exploit is now in play.

"A user apparently tested the jailbreak on 12.4 and found that Apple had accidentally reverted the patch," Williamson said in a statement to Motherboard.

Apple's accident opens the door to jailbreaks and the execution of malicious code, the report said. Security researcher Jonathan Levin told the publication that because iOS 12.4 is current, and the only version available from Apple, many iPhones and iPads running anything other than iOS 12.3 are vulnerable. Levin went on to say that the bug is a 100+ day exploit, or one that was discovered over 100 days ago.
j
Capitalizing on Apple's mistake, researcher "pwn2ownd" released a free jailbreak -- technically a new version of their ongoing project "unc0ver" -- for iOS 12.4 on Monday, with a number of iPhone owners later reporting the software as functional. He told Motherboard that a bad actor could leverage the snafu to "make a perfect spyware," adding that "it is very likely that someone is already exploiting this bug for bad purposes."

Pwn2ownd offered up the example of a malicious app that exploits the vulnerability to escape Apple's iOS sandbox, allowing it to glean sensitive user data. Alternatively, a malicious webpage might combine the same bug with a browser exploit to achieve similar effect.

Apple has yet to comment on the issue.

A big snafu, or a request from the NSA?

3 Likes · 0 Dislikes
Read More on our Forums ->
 

Sponsored Content

article thumbnail

ESR has new iPad accessories ready to go, from the Flip Magnetic Case to Geo Digital Pencil

Top Stories

article thumbnail

iPhone 17, Mac, iPad Pro: What to expect from Apple for the rest of 2025
article thumbnail

It's official — 'Ted Lasso' is getting a fourth season
article thumbnail

Calls for Tim Cook's resignation over Apple Intelligence miss that he has made Apple what it is
article thumbnail

Your existing AirPods could gain a new live translation feature in iOS 19
article thumbnail

iPhone 16e review: All the bells, none of the whistles on this battery-heavy device
article thumbnail

Save up to $168 on every 2025 M4 MacBook Air with exclusive deals