iOS 12.4 Jailbreak Security Hole Is Closed Again
Jailbreaking has always been like a game of cat and mouse between Apple and developers. Said developers will discover a critical vulnerability that grants them privileged access to the operating system and Apple will later close that security hole, thereby making the jailbreaking method ineffective. That has been repeated over and over again to the point that it has become harder and rarer for such exploits to be discovered and used. That scenario repeated itself last week with a bit more media coverage but that may be over now that Apple has once again shut that door in the latest maintenance patch for iOS.
The reason why iOS jailbreaking made headlines once again was mostly due to the irony of the situation. Apple released iOS 12.4 last month, perhaps the last release before the big iOS 13 launch, that was reported to have actually endangered iPhone and iPad owners more than protected them. It also made it possible to almost too easily jailbreak these devices again.
That was because Apple accidentally reverted a fix in iOS 12.3 that closed a vulnerability that allowed the arbitrary execution of code by third-parties. After ending up with a bit of egg on its face, Apple released iOS 12.4.1 that reapplies that fix to close that particular door once and for all. Or at least someone goofs up yet again.
Apple's wording for the security update almost sounds harsh, describing how a malicious app could execute code with system privileges. In other words, the exact kind of vulnerability needed for a jailbreak. Unfortunately, that same vulnerability could be used by truly malicious agents to install spyware, perhaps ironically masquerading as jailbreaking utilities.
Of course, the cycle just continues, with the ball now in security researchers' and developers' court. iOS users may have fewer reasons these days to jailbreak but those that still need to for one reason or another should also be mindful that they are also more at risk because of it.