Security flaw accidentally released by Apple in latest iOS

SAN FRANCISCO — Hackers have released a working, public jailbreak for a fully working iPhone, which means that the phones can have unofficial software installed by users wanting to bypass Apple’s strict security.

However, jailbreaking your phone leaves it more prone to being hacked, experts said. 

Apple fixed a number of security bugs in iOS 12.4 — which the tech giant released last month — but in doing so, it accidentally reversed a security fix that it had previously patched in iOS 12.3, British daily The Guardian reported.

The vulnerability was discovered by Google’s bug-hunting team Project Zero.

A jailbroken iPhone opens users up to a host of possibilities, such as the downloading of unauthorised software. 

Professor Ayman El Hajjar, a lecturer in computer science and engineering at the University of Westminster, said that the “customisation of the phone to its full abilities” is also possible.

At the same time though, the jailbroken iPhone will be at a much higher risk of attack or malware. This is because it cannot be updated with Apple’s security upgrades, leaving it vulnerable, he added.

Mr Thomas Reed, director of Mac and mobile at cyber-security solutions provider Malwarebytes, said that having the phone jailbroken is the most common way iOS devices get infected.

It may also allow hackers and spies to remotely jailbreak and gain complete control over an iPhone through malicious applications. 

On Twitter, iPhone security expert Stefan Esser said: “I hope people are aware that with a public jailbreak being available for the latest iOS 12.4, people must be very careful what apps they download from the Apple AppStore.

“Any such app could have a copy of the jailbreak in it.” 

Such vulnerabilities, however, are not as commonplace as it used to be.

The last time the newest version of iOS was open to a jailbreak vulnerability was back in 2015, for a period of just seven days, The Guardian wrote.

This may be because reporting these hacks to Apple might be the most lucrative option for hackers, with Apple allegedly willing to pay up to US$1 million (S$1.38 million) to hackers who report vulnerabilities in the iPhone’s operating system, Vice magazine reported.

Mr Aaron Zander, head of IT at cyber-security company HackerOne, said in a statement that those who reported or sold the hacks “eventually got hired, bought, or ceased and desisted to death by Apple.”

With the closure of these third-party app stores featuring “jailbroken” software, the “community behind a lot of these groups has completely dissipated over the last half decade or so”, he said. AGENCIES