Apple just patched an unpatched flaw that it patched previously but accidentally unpatched recently — did I confuse you?
Let’s try it again…
Apple today finally released iOS 12.4.1 to fix a critical jailbreak vulnerability, like it or not, that was initially patched by the company in iOS 12.3 but was then accidentally got reintroduced in the previous iOS 12.4 update.
For those unaware, roughly a week ago, an anonymous researcher who goes by the online alias “Pwn20wnd” released a free jailbreak for iOS 12.4 on GitHub that exploited a kernel vulnerability (CVE-2019-8605) that Apple patched in iOS 12.3 in May this year.
However, the vulnerability accidentally got reintroduced in iOS 12.4 in July, making it easier for hackers to jailbreak updated Apple devices, including the iPhone XS, XS Max, and XR or the 2019 iPad Mini and iPad Air, running iOS 12.4 and iOS 12.2 or earlier.
Now, Apple has released iOS 12.4.1 to re-patch the security issue that not only allowed for jailbreaking but could have also allowed hackers or malicious applications to execute arbitrary code on a target Apple device with the highest level of privileges, i.e., system privileges.
Jailbreaking an iPhone gives you more control over your device by allowing you to install apps and other functions that are usually not approved by Apple, but it comes with its downside.
Jailbreaking also disables some system protections that the company has put in place to protect its users, exposing users to malicious apps from the App Store and eventually opening them to potential security risks.
Though Jailbreakers are advising users not to apply iOS 12.4.1 as it closes the exploit, I would personally recommend you to apply the security update as soon as possible if you really care about security.
To install the latest update, which features “important security and stability updates,” navigate to your device’s Settings → General → Software Update and tap “Download and Install” given right at the bottom.
Alternatively, you can also update your Apple device to iOS 12.4.1 through iTunes by connecting your iOS device to a computer and checking for the update.
In its security update note, Apple also acknowledged Pwn20wnd, who released the public jailbreak, for bringing the vulnerability to their attention. “We would like to acknowledge @Pwn20wnd for their assistance,” the company wrote.