Apple Re-Patches Bug That Led to a Public iOS Jailbreak
Over the last couple of weeks, both on the Checklist and on the news section of our site, we’ve been talking about the story of the big iOS jailbreak that was announced in August. This jailbreak was unusual in that it affected the most up-to-date version of iOS available—something we hadn’t seen in quite a while.
Jailbreaking, as you’ll recall, is the process of removing Apple’s built-in safeguards and limitations on what users and software can do in iOS, essentially granting them high-level administrative privileges that Apple never intended them to have.
Although jailbreaking iPhones has waned in popularity in recent years (in part because there are fewer reasons to do it than before), the practice has never really gone away. It’s gotten a bit harder to do, however—which may well be for the best, considering the security risks that jailbroken phones can expose users to.
But although it’s gotten harder to find bugs that make it possible to jailbreak an iPhone, they still crop up from time to time. Such a vulnerability was found in an earlier version of iOS and subsequently patched in iOS 12.3. Alas, in the most recent version of iOS, the patch somehow got un-patched, reintroducing the vulnerability in iOS 12.4 and exposing users to a potential security issue…one with no upgrade in place to address the danger.
A lot of us were wondering about the nature of this bug, and a few more details have emerged which may be of interest to readers who have been following the story from the outset.
As we noted in Checklist 152, the issue affected the kernel, or the core OS functionality, of iOS. The issue seems to have been a “use-after-free” vulnerability. This type of vulnerability comes about when memory that was allocated for use by some program has been freed up—but can still be referenced by that program (which shouldn’t happen; this is essentially a programming error). If someone manages to insert some executable code in that section of memory, the program, which still thinks the chunk of memory in question is legitimate data, may run the code and give whoever inserted that new code control over the system: a jailbreak, or, in the case of a malicious actor, a hack.
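To make the use-after-free mechanism described above concrete, here is an added illustration (not Apple's code and not the actual iOS bug): a toy one-slot allocator in C in which a stale reference ends up calling whatever the memory's new owner put there, next to a hardened call that rejects the stale reference. All names (`pool_alloc`, `handle_t`, and so on) are hypothetical, and the allocator is simulated with static memory so the behavior is deterministic.

```c
#include <stdio.h>

/* Toy object holding a function pointer, as many kernel objects do. */
typedef struct { void (*handler)(void); } object_t;

static object_t slot;           /* the only "heap" slot: every allocation reuses it */
static int      slot_in_use = 0;
static unsigned slot_gen    = 0; /* generation counter, bumped on every free */
static int      last_called = 0; /* records which handler actually ran */

static void legit_handler(void)    { last_called = 1; }
static void replaced_handler(void) { last_called = 2; }

/* A reference to an object plus the generation it was allocated in. */
typedef struct { object_t *ptr; unsigned gen; } handle_t;

static handle_t pool_alloc(void (*h)(void)) {
    handle_t hd = { &slot, slot_gen };
    slot_in_use = 1;
    slot.handler = h;
    return hd;
}

static void pool_free(handle_t h) { (void)h; slot_in_use = 0; slot_gen++; }

/* Vulnerable pattern: trusts the reference without checking it is still live. */
static int call_unchecked(handle_t h) {
    last_called = 0;
    h.ptr->handler();
    return last_called;
}

/* Hardened pattern: a handle from an earlier generation is refused. */
static int call_checked(handle_t h) {
    last_called = 0;
    if (!slot_in_use || h.gen != slot_gen) return -1; /* stale reference */
    h.ptr->handler();
    return last_called;
}

/* Allocate, free, let a new owner reuse the memory, then use the old handle. */
static int demo(int checked) {
    handle_t a = pool_alloc(legit_handler);
    pool_free(a);                        /* 'a' is now a dangling reference */
    (void)pool_alloc(replaced_handler);  /* same memory, different contents */
    return checked ? call_checked(a) : call_unchecked(a);
}

int main(void) {
    printf("unchecked=%d checked=%d\n", demo(0), demo(1));
    return 0;
}
```

The unchecked call runs the replacement handler (result 2) even though the caller believes it still holds the original object, while the generation check refuses the stale handle (result -1).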
With the latest round of updates, Apple has re-patched the bug and eliminated the vulnerability that allowed the jailbreak to occur in the first place. The new version numbers to look for include:
- iOS 12.4.1
- watchOS 5.3.1
- macOS Mojave 10.14.6 Supplemental Update
- tvOS 12.4.1
The important fix contained within these updates is, clearly, the jailbreak patch. Again, since jailbreaks can allow malicious actors to gain control over a device, it is important to update your various devices to the latest OS. If you haven’t updated already, please do so now—and if you don’t have automatic updates enabled, consider setting them up while you’re at it.