Just three weeks after a vulnerability was discovered in iOS which could be exploited via iMessage, Apple is in the news again for accidentally reopening a security flaw it had previously patched. The vulnerability, which allows iOS devices to be jailbroken with an exploit known as SockPuppet, was originally discovered by a security researcher at Google Project Zero and was patched in May with the release of iOS 12.3 and 12.3.1.
The jailbreak which currently works on iOS 12.4 and 12.2, is publically available for anyone to execute. We tested it here:
What are the implications?
Jailbreaking an iPhone poses serious security risks because it means the safeguards that come with iOS are no longer in place. This security flaw makes it possible for a malicious application to execute any code with system privileges on almost any iOS device, which would allow the malicious application to install ransomware, malware, spyware or other software with no restrictions.
Expecting an uptick in jailbroken iPhones and iPads, attackers will likely try to fool users into downloading malicious versions of software to try and exploit the vulnerability.
Why would people jailbreak their phones?
Apple maintains a high level of device security by restricting all devices to only allow apps downloaded from its official App Store. One reason for jailbreaking is to circumvent this restriction by increasing user permissions on the device.
Our research shows the most popular types of sideloaded apps include:
- Custom-built business applications
- Third-party app stores, eg. Cydia
- Games that aren’t available on official stores
- Free movie viewers, eg. MovieBox
- Cryptocurrency trading apps, eg. Binance
Aside from the installation of these popular third-party apps, people might want to jailbreak their phones to customize the way their apps are displayed, to use a free tethering service, to “unlock” their contracted phones and change carriers, or to download free software.
If a user that installs malware onto their device thinking it’s just an innocent game, their device and data would be entirely compromised. A lot of people don’t realize that launching a jailbreak defeats the security of the phone giving applications full access to the phone’s files and content of other apps.
Why are jailbreaks so rare?
For years, jailbreaks have been kept secret by security researchers, because exploits for the iPhone can sell for millions of dollars until a patch makes them unusable. Earlier this year, Apple announced it would pay $1M – $1.5 M for flaws discovered and reported to the company, incentivizing hackers to report them straight to Apple, rather than selling them quietly on the black market for a similar price tag. This is the first free public jailbreak for a fully updated iPhone that’s been released in years. The last time iOS was vulnerable to a publically available jailbreak was back in 2015.
What can you do?
All available versions of iOS currently have severe CVEs exposed on them. iOS versions prior to 12.4 are vulnerable to iMessage exploits that can expose the entire file space for remote actors. Today, only the iOS 13 beta release is not susceptible to the SockPuppet and iMessage CVEs. Although, in being a beta, it is inherently less stable and less supported than 12.x versions.
It’s generally not good practice to update to a beta version of an Operating System on a day-to-day device but at the time of writing, only the iOS 13 beta is patched against both the iMessage vulnerability and all publicly known jailbreak techniques. For those that don’t want to dip their toe in the beta zone of software, they must pick their poison between which vulnerability they wish to be exposed to.Dan Cuddeford, Senior Director of Systems Engineering at Wandera
Apple is expected to fix the problem again in its next iOS update. In the meantime, we urge you to follow this advice.
- Avoid the temptation of jailbreaking your phone, it’s not worth the risk.
- Validate that the apps you are downloading are legitimate and safe, even from the official App Store.
For organizations that manage devices with an EMM or security software:
- Monitor for jailbreak incidents on your iOS devices.
- Block access to the domain ‘jailbreaks.fun’, the main site hosting the exploit.
- Remember jailbreaking also circumvents the security software you’ve put in place so review your policies to ensure users aren’t too restricted and therefore more tempted to jailbreak.