Pierluigi Paganini August 26, 2019

Apple has released an emergency patch in iOS 12.4.1 that addresses the CVE-2019-8605 use-after-free vulnerability that allowed iPhone jailbreak.

Recently, Apple accidentally unpatched a vulnerability it had already fixed, making current versions of iOS vulnerable to hackers and allowing the jailbreak of the devices.

Experts discovered that the iOS version 12.4 released in June has reintroduced a security flaw found by a Google Project Zero white hat hacker that was previously fixed in iOS 12.3.

A public Jailbreak for iPhones in was published by the Pwn20wnd hacker, it works with the latest version of the iOS mobile operating system. Google Project Zero expert Ned Williamson confirmed that the jailbreak worked on his iPhone.

The flaw potentially exposed iPhone devices running 12.4 version and older iOS versions (any 11.x and 12.x below 12.3) to the risk of a hack until the 12.4.1will be released.

Now Apple has released an emergency patch to address the CVE-2019-8605 kernel issue, the fix is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation.

“A malicious application may be able to execute arbitrary code with system privileges,” reads the advisory published by Apple. “A use after free issue was addressed with improved memory management.”

The vulnerability was initially reported by Google Project Zero white hacker Ned Williamson, who also published an exploit for iOS 12.2, dubbed “SockPuppet,” after the first patch was released.

The expert Pwn20wnd confirmed that the emergency patch released by apple definitively addressed the CVE-2019-8605 vulnerability.

Apple has also released security updates to address the kernel issue in macOS Mojave and tvOS.

Pierluigi Paganini

(SecurityAffairs – CVE-2019-8605, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]