The latest version of Apple’s mobile operating system released late last month reintroduced a critical security bug that makes all iPhones and iPads that updated to iOS 12.4 vulnerable to malicious hackers.
The vulnerability dubbed SockPuppet was first discovered by Ned Williamson, a security researcher at Google Project Zero and was subsequently patched by Apple when it released iOS 12.3 on May 13, or 99 days ago.
The security flaw makes it possible for a malicious application to execute any code with system privileges on iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and install ransomware, malware, spyware or any kind of piece of software really.
To put it simply, this is one of the highest levels of security criticality you can get and its mind-blowing that Apple has reintroduced the vulnerability in the July 22 release of the latest version of its mobile operating system, iOS 12.4.
On Monday, a security researcher known as Pwn20 published on GitHub an exploit, with the associated source code, that took advantage of the vulnerability to break into an iPhone, also known as jailbreak, in just a few minutes.
I’ve contacted Apple’s public relations representatives and will update the story as they reply back.
Below is a video that explains how to jailbreak an iPhone running iOS 12.4 using Pwn20’s exploit:
You can also find more about Pwn20’s exploit on the jailbreak group on Reddit.
Atherton Research Insights
The reintroduction of such a critical security vulnerability shows that there was something wrong that happened during the software quality validation process at Apple: The bug was known, successfully corrected and deployed in the iOS 12.3, but then reintroduced on version 12.4.
This is just mind-blowing.
But the worse is yet to come for iPhone, iPad, and iPod touch users that are running the latest version of iOS as Apple has not issued a fix as of the time of this report.