SecureMac, Inc.


The Great iOS Jailbreak of 2019—and why you should update to 12.4.1 right now!

Posted on August 26, 2019

First, the good news.

Apple has just released a patch to fix the issue discussed below. If you don’t have automatic updates enabled, take a second to update to iOS 12.4.1 now. 

Then come back and join us for the gory details of Apple’s biggest security lapse in quite a while—and learn all about the issue of “jailbreaking” iPhones.

What happened?

In updating the code for iOS 12.4, Apple unwittingly reintroduced a vulnerability which had previously been patched in iOS 12.3.

The vulnerability, discovered by a Google researcher and named “SockPuppet”, could potentially allow a malicious actor to hack an iPhone.

Who was affected?  

Anyone using iOS 12.4, or any version of iOS 12 below 12.3, was at risk from this vulnerability. Anyone using any version of iOS 11 was exposed as well.

Why was it so serious?

The kinds of vulnerabilities that allow people to “jailbreak” an iPhone are serious, relatively rare, and (once discovered) quickly patched. This means that typically, the only people affected when a jailbreak is made public are those running older versions of iOS. And it also means that at-risk iPhone users can protect themselves relatively easily by updating their iOS to the latest, patched version.

However, in this case Apple’s newest version of iOS (iOS 12.4) actually re-introduced a vulnerability from iOS 12.3 that had already been fixed. This left those using the most up-to-date version of iOS nowhere to turn for a patch.

What is “jailbreaking”, anyway?

To “jailbreak” an iPhone means to exploit a vulnerability in the iOS code in order to gain high-level administrative privileges, or “root” privileges, that iOS users are never supposed to have—and then use those privileges to do things on an iPhone that Apple doesn’t want you to do.

Once you have root privileges on an iPhone, you can, for example, install apps which have been banned from the App Store. You can modify and customize apps and programs in ways that Apple or the developers never intended. And you can install third-party software that hasn’t gone through any kind of App Store review process.

How is jailbreaking a security issue?

Apple doesn’t want anyone outside of the company to have root access to their devices. Some of this is business, but largely it’s for reasons of security. Because of this, Apple makes it extremely difficult to obtain this kind of access. In theory, it’s supposed to be impossible to hack an iPhone (Cupertino recently announced a $1 million prize to anyone who could do it).

So when someone does discover a jailbreak vulnerability for some version of iOS, it means somewhere along the line, something has gone very wrong.

But why is this a security issue? 

Because it’s not just free-speech activists and amateur mobile developers who want root access to iPhones.

It’s hackers too. 

Once they have administrative rights over an operating system, bad actors can execute code on a hacked iPhone or install malicious software which bypasses the App Store’s review process and security features entirely.

So you’re saying I shouldn’t jailbreak my iPhone?

That's right: you absolutely shouldn't, unless you’re a former Apple software engineer who likes to live dangerously.

Jailbreaking an iPhone can void the warranty, damage core functionality, and introduce serious security risks.

Unless you’re extremely familiar with the iOS codebase, you’ll have no way of knowing whether what you’re doing is opening you up to attack by hackers (spoiler: it probably is).

In other words, the risks don’t really justify the potential rewards.

Looking ahead to iOS 13

With iOS 13 expected to be released sometime in September, this incident will likely be a distant memory very soon.

But it’s a good reminder to update your operating systems religiously. And it’s a good opportunity to reflect on the fact that even a company like Apple, which employs some of the best software engineers in the world, isn’t immune to bugs and mistakes.
