It emerged a few days ago that in iOS 12.4 Apple accidentally reintroduced a way to jailbreak the iPhone. This brought with it a number of associated vulnerabilities. Will Bedingfield, writing at Wired, explained why this is a big deal.
Apple first fixed the problem in iOS 12.3 but reintroduced it in the latest version of its code, iOS 12.4, which was released in June. In doing so, Apple has inadvertently made it easier to jailbreak and hack its own product. This weakness let an attacker corrupt the phone’s kernel memory, allowing a security researcher, called Pwn20wnd, to develop and publish an iPhone jailbreak. This is a big deal for Apple, which offers a restricted user experience – apps on its app store are subject to rigorous testing and restrictions, for instance – in return for high security. The last time the newest version of iOS was open to a jailbreak vulnerability was back in 2015, when iOS 9 was prominent, and only for seven days.