Apple stops signing iOS 12.4 after iOS 12.4.1 patches jailbreak bug
AppleInsider Staff
Apple on Wednesday ceased code signing of iOS 12.4, an incremental update that accidentally unpatched a vulnerability which hackers quickly leveraged to create a publicly available jailbreak.
Typical of Apple's operating system release cycle, the halt to code signing for iOS 12.4 arrives about two weeks after iOS 12.4.1 was pushed out in late August.
The point update was issued in large part to close a once-secured flaw that was reintroduced with the release of in iOS 12.4 in June. Google security researchers discovered the vulnerability earlier this year and Apple subsequently squashed the bug in iOS 12.3.
Shortly after iOS 12.4 went live, researcher "pwn2ownd" harnessed the software flaw to build a jailbreak as an extension of their ongoing project "unc0ver." It was one of the first jaibreaks to impact a then-current version of iOS in years.
"[I]t is very likely that someone is already exploiting this bug for bad purposes," the researcher said in a statement at the time, suggesting nefarious actors might use the bug to build targeted malware.
By ending code signing for the vulnerable iOS, Apple closes the door for both jailbreakers and hackers. In addition to security, preventing users from downloading older code allows Apple to keep more iOS devices on the latest, feature-rich software.
Apple is due to release its next-generation iOS 13 on Sept. 19, bringing with it a slew of new features, enhancements and first-party apps.
Malcolm Owen
Christine McKee
Amber Neely
William Gallagher
