Apple made up for last week's embarrassing mistake by pushing out an emergency patch for iOS today (Aug. 26). The update closes a hole that the company unintentionally re-opened with iOS 12.4.
The new version, iOS 12.4.1, fixes a flaw found by Google Project Zero's Ned Williamson that let a "malicious application ... execute arbitrary code with system privileges." But the 12.4.1 update also appears to negate the "unc0ver" jailbreak created by pseudonymous Apple hacker Pwn20wnd and released a week ago.
"We would like to acknowledge @Pwn20wnd for their assistance," Apple said in its release notes for iOS 12.4.1 (opens in new tab).
For his or her part, Pwn20wnd tweeted (opens in new tab), "iOS 12.4.1 is OUT. Do *NOT* upgrade to it," followed (opens in new tab) a short time later by "I can confirm the exploit was patched in iOS 12.4.1 - - Stay on iOS 12.4!"
Of course, upgrading to iOS 12.4.1 is precisely what you should do if you don't want to jailbreak your iPhone or iPad. Jailbreaking is fun because you can tweak your iDevice's software and install unauthorized apps, but it also leaves your iPhone or iPad vulnerable to malware. Even browsing to a specially crafted website could be enough to compromise your iDevice.
Every iOS upgrade patches some new security flaws. But in this case, 12.4 reversed one patch that had been issued with 12.3, which Pwn20wnd found. That meant that iOS 12.3 was protected, while 12.4 was not.
