A public Jailbreak for iPhones in was released by a hacker, it is an exceptional event because it is the first in years. According to Motherboard, that first reported the news, Apple accidentally unpatched a flaw it had already fixed allowing the hacker to exploit it.
The jailbreak works with the latest version of the iOS mobile operating system, Google Project Zero expert Ned Williamson confirmed that the jailbreak works on his iPhone.
During the weekend, experts discovered that the latest iOS version (12.4) released in June has reintroduced a security flaw found by a Google Project Zero white hat hacker that was previously fixed in iOS 12.3.
The flaw potentially exposes iPhone devices running current and older iOS versions (any 11.x and 12.x below 12.3) to the risk of a hack until the 12.4.1will be released.
The popular researcher Pwn20wnd, who already developed iPhone jailbreaks in the past, today has published a jailbreak for iOS 12.4. Some users claim the jailbreak works on their iPhones.
This is a very unusual situation because hackers that have developed a working exploit for iPhone prefers to sell it to zero-day broker firm like Zerodium that pay them up 2 million of dollars.
“A security researcher who hacks iPhones for a living, and who spoke on condition of anonymity because he wasn’t authorized to speak to the press, said that organizations that have the expertise to target iPhones can now use a bug in Safari, for example, to “ hack any up to date iPhone.” While it’s still not trivial to hack an iPhone remotely—even with the availability of this bug—the barriers to entry are now much lower.” wrote Lorenzo Bicchierai.
The exploit code could be included in a malware developed to spy on iPhone users, and according to Pwn20wnd, likely someone is already exploiting the flaw.
Users have to be careful about what apps they install on their smatphones because they can include the jailbreak.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – jailbreak, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…
Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…
Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…
The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…
This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…
This website uses cookies.