Apple Patches iOS to prevent Jailbreaks Again
Apple released a patch that a kernel vulnerability again after it was accidentally unpatched in iOS 12.4. The flaw, CVE-2019-8605, a use-after-free issue existing in the kernel, could enable a malicious application to execute code with system privileges in up to date iOS devices. The flaw allows phones to be jailbroken. A public jailbreak was released last week to take advantage of it on phones running the latest version of iOS.
The release of public jailbreaks, a way to get around Apple's limitations on what apps can be installed on the iPhone, are atypical, especially for up to date phones. Jailbreaks are useful for those that want to install custom code, add features or perform security research outside the Apple ecosystem.
The bug was discovered by Google Project Zero researcher Ned Williamson, who after the initial patch published an exploit for iOS 12.2, which he called SockPuppet. Sockpuppet uses the vulnerability to achieve the kernel_task port on iOS 12.2 on [the]iPhone 6S+.
Apple patched the vulnerability in a May update, but it's most recent operating system update, iOS 12.4, accidentally unpatched the fix. Then, on Aug. 18 a hacker under the alias Pwn20wnd on Github released various jailbreaks for the latest version of iOS, based on SockPuppet.