Hacking

Hacker publicly releases Jailbreak for iOS version 12.4

Apple accidentally unpatched a vulnerability it had already fixed, making current versions of iOS vulnerable to hackers.

A public Jailbreak for iPhones in was released by a hacker, it is an exceptional event because it is the first in years. According to Motherboard, that first reported the news, Apple accidentally unpatched a flaw it had already fixed allowing the hacker to exploit it.

The jailbreak works with the latest version of the iOS mobile operating system, Google Project Zero expert Ned Williamson confirmed that the jailbreak works on his iPhone.

During the weekend, experts discovered that the latest iOS version (12.4) released in June has reintroduced a security flaw found by a Google Project Zero white hat hacker that was previously fixed in iOS 12.3.

The flaw potentially exposes iPhone devices running current and older iOS versions (any 11.x and 12.x below 12.3) to the risk of a hack until the 12.4.1will be released.

The popular researcher Pwn20wnd, who already developed iPhone jailbreaks in the past, today has published a jailbreak for iOS 12.4. Some users claim the jailbreak works on their iPhones.

This is a very unusual situation because hackers that have developed a working exploit for iPhone prefers to sell it to zero-day broker firm like Zerodium that pay them up 2 million of dollars.

“A security researcher who hacks iPhones for a living, and who spoke on condition of anonymity because he wasn’t authorized to speak to the press, said that organizations that have the expertise to target iPhones can now use a bug in Safari, for example, to “ hack any up to date iPhone.” While it’s still not trivial to hack an iPhone remotely—even with the availability of this bug—the barriers to entry are now much lower.” wrote Lorenzo Bicchierai.

The exploit code could be included in a malware developed to spy on iPhone users, and according to Pwn20wnd, likely someone is already exploiting the flaw.

Users have to be careful about what apps they install on their smatphones because they can include the jailbreak.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – jailbreak, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

3 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

10 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

22 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

1 day ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

This website uses cookies.