Windows 10 News and info | Forum
September 22, 2019, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: iOS 12.4 Jailbreak Released After Apple Unpatches Older Bug  (Read 35 times)
javajolt
Administrator
Hero Member
*****
Offline Offline

Gender: Male
United States United States

Posts: 30475


I Do Windows


WWW Email
« on: August 20, 2019, 11:36:42 AM »
ReplyReply

iOS security researcher Pwn20wnd released a public jailbreak for the latest stable iOS version after Apple reintroduced a vulnerability patched in iOS 12.3, previously exploited to jailbreak iOS 12.2.

Besides the newly available jailbreak for Apple latest iOS version, this should also be considered as a critical vulnerability reintroduced in Apple's mobile operating system that could open the doors to potential attackers targeting the company's huge iOS user base.

Security researcher Stefan Esser also warned iOS users in a tweet that once iOS 12.4 is exploitable by those who want to jailbreak it, anyone else could also do it, even via iOS apps released through Apple's App Store.

The vulnerability reintroduced by Apple is a use after free tracked as CVE-2019-8605 and discovered by Google Project Zero's Ned Williamson and patched by Apple with the iOS 12.3 release from May 13.

This security flaw made it possible for maliciously crafted apps to execute arbitrary code using system privileges on iPhone 5s and later, iPad Air and later, and iPod touch 6th generation.

Williamson released an iOS 12.2 exploit in July and dubbed it SockPuppet, an exploit which was included by hackers as part of new jailbreaks targeting that iOS version until Apple patched it and released 12.3.

However, somehow Apple reintroduced the CVE-2019-8605 flaw in iOS 12.4, which means that the same exploit used in 12.2 now works on version 12.4.

This was used by iOS hacker and researcher Pwn20wnd who created and published a new version of its jailbreaking tool, unc0ver v3.5.0, "with iOS 12.4 support for A7-A11 devices" on August 18.

Version 3.5.1 was released today to fix reliability and random reboots for people using it to jailbreak their 12.4 devices. To add insult to injury, the new unc0ver releases come with support for iOS 11.0 through 12.4.

Pwn20wnd also decided to give Apple credits for reenabling the Sock Puppet exploit within the new release's changelog:

Quote
    Add the updated SockPuppet 3.0 exploit by @umanghere

    Remove the SockPort and SockPort2 exploits

    Update system-memory-reset fix to fix random reboots

    Add Apple to the credits section for development

    Fix error at stage 2 when jailbreaking after updating from a lower firmware while preserving the app
     data

    Fix the app crashing upon stared up on iOS 11


After the new jailbreak was released by Pwn20wnd, lots of iOS users went on Twitter and reported that they've already tested it and that it works as advertised.

While this is a huge blunder from Apple's team, a very quick security update is also due to be released by the company sooner than later given that its iOS users are exposed by a huge attack surface.

source
Logged


Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page August 22, 2019, 05:57:57 AM