Breaker, breaker. Apple's iOS 12.4 update breaks jailbreak break, un-breaks the break. 10-4

iPhone hackers have discovered Apple's most recent iOS update, 12.4, released in July, accidentally reopened a code-execution vulnerability that was previously patched – a vulnerability that can be abused to jail-break iThings. Pwn20wnd, the developer of the iPhone jail-breaking tool unc0ver, says the newest version of their …

  1. Sorry that handle is already taken. Silver badge


    The Register has asked Apple for comment on the matter, and has yet to hear back at the time of publication.
    Hope springs eternal!

    1. Sampler

      Re: Standard

      I do always wonder when I read those lines what timeframe they were given, like, they send the email and hit post?

      You know, similar to the "user not available" logs to keep tickets in SLA when we were all lowly desk support monkeys...

      1. sanmigueelbeer

        Re: Standard

        I do always wonder when I read those lines what timeframe they were given

        When h3ll freezes over ... that's the timeline.

        1. TeeCee Gold badge

          Re: Standard

          I have it on good authority that the heating system is still working in Apple's legal department.

      2. Antonius_Prime

        Re: Standard

        "You know, similar to the "user not available" logs to keep tickets in SLA when we were all lowly desk support monkeys..."

        I give three goes in 3 days then close. If it's super important, then maybe respond to emails and walk ups.

        Mine's the rubber one with the over-volted cattle-prod in the outside pocket, next to the hammer with easily wipeable handle...

      3. steviebuk Silver badge

        Re: Standard

        Unless you're using Lansweeper, who, despite being designed as a helpdesk tool, never, despite it being a key fucking feature in all helpdesk solutions, added the ability to freeze time on tickets, so all calls will always go out of SLA no matter what you set them to.


    2. Bubba Von Braun

      Re: Standard

      Now we all know that Apple's PR Department is a mini Black Hole located in Cupertino CA, where it gobbles up Reg inquiries, and as we all know nothing can escape a Black Hole, not even a response.

      And that is why Apple has a doughnut HQ, Black Hole lives in the center. Come to think of it so does GCHQ.. what's that noise.. oh not the black helicopters again..<static>

      1. Anonymous Coward

        Re: Standard

        Well there is the phenomenon called Hawking radiation by which the Cupertino black hole will eventually evaporate.

        Maybe it’s linked by a wormhole to the GCHQ one?

    3. Annihilator

      Re: Standard

      I like to think this line is some sort of automatically generated content that gets appended to any story with "Apple" as a tag. Someone should really consider that as a cost opportunity.

    4. davemcwish

      Re: How long...

      Surely it's just a matter of:-

      Apply this rule after the message arrives

      from The Register

      move it to the Spam folder

  2. Sanctimonious Prick

    Just Have To Say

    ... Hate the headline! Could you have made it any harder to read? :D

    Mine is the one with a working 3310 in the left pocket ---->


    1. Anonymous South African Coward

      Re: Just Have To Say

      I see your working 3310 and raise you a working 5230...

      ...oh wait, the 3310 is more reliable...

      1. IGotOut Silver badge

        Re: Just Have To Say

        Sorry, if playing Top Trumps, my 6310i kicks both Ur asses.

    2. andy gibson

      Re: Just Have To Say

      "Don't do what Donny Don't Does"

  3. Pascal Monett Silver badge

    So, unc0ver is open-source ?

    Interesting. So Apple should be all over that code to see what it's using and patch the holes. Apparently, Apple does not do that.

    Now the question is : why on God's green Earth did Apple unfix a fix and re-allow jailbreaking ?

    Another question : how long before a patch is published that re-applies the fix, thus locking the phone down again ?

    Because Apple is aware of this, and they had the fix, so I really don't see that it is interesting to go and use the unfix to jailbreak the phone since it's likely going to be locked down again at the next patch release.

    1. RAMstein

      Re: So, unc0ver is open-source ?

      Most likely they branched off an unfixed repo for 12.4 and never backported the security fix that broke this particular jailbreak. (rather than 'unfix' it). Should be fixed soon.

      1. Doctor Syntax Silver badge

        Re: So, unc0ver is open-source ?

        And didn't bother with regression testing.

    2. Anonymous Coward

      Re: So, unc0ver is open-source ?

      Jony Ive didn't like the way the code looked so ordered its removal?

      1. Alister

        Re: So, unc0ver is open-source ?

        "Tabs are so nineties, darling, let's just single-space everything, Oh and get rid of the brackets, they're so messy"

        1. Antonius_Prime

          Re: So, unc0ver is open-source ?

          Thankfully, even in Cupertino, they realised it's best to keep the coloured pencils department away from the coders most of the time...

          (We once heard talk of secret arenas, ***** club style, but the people telling us this said they were breaking the first two rules...)

    3. Zippy´s Sausage Factory

      Re: So, unc0ver is open-source ?

      Excuse me for a silly question here, but if it's open source, why are they not running a version of it internally and trying to see if it will jailbreak the phone before they release? "iOS ain't done until unc0ver don't run*" sort of thing?

      Or better yet, work out unit tests for each of the exploits and make sure they pass before you even consider shipping code. I'm sure it's not impossible, even if it's not entirely trivial...

      * sort of like Microsoft's old "DOS ain't done until Lotus don't run", but less likely to be used in evidence against them in a court of law...

  4. Anonymous Coward

    Par for the course for Apple now

    Doesn't surprise me, Apple's software quality control seems somewhat lax these days. The 10.14.6 MacOS update returned a display sizing bug on some HDMI TVs that they took ages to sort out and finally released in 10.14.5. Now yet again I have to wait and switch on the TV after my Mac has booted otherwise the display doesn't fit the screen properly.

    1. coconuthead

      Re: Par for the course for Apple now

      Here's another one:

      10.13 (and I think some earlier) had a bug where if you had fast user switching enabled, switched to the login screen, slept the computer and then woke it, it would clear the username and password fields about 10 seconds after waking. If you weren't quick about it the login would fail, or even worse leave you typing your password in the plain into the username field (because, of course, TAB wrapped).

      This was fixed in 10.14, but has reappeared in one of the point releases.

    2. Wade Burchette

      Re: Par for the course for Apple now

      What is with these companies and their insistence on copying the bad ideas of others? Apple copies Microsoft's bad idea on lax quality control. Microsoft copies Apple's bad idea of making unrepairable devices. Smartphone makers copy Apple's bad idea of a notch and lack of headphone port and irreplaceable battery.

      I just don't understand. These are all very bad ideas, and they spread like cancer.

      1. Anonymous Coward

        Re: Par for the course for Apple now

        This is what happens when companies only listen to the fanboys who would honk and applaud like demented seals if they announced a steaming turd with an apple or MS logo on it, never mind removal of a headphone jack or adding a stupid notch, instead of listening to feedback from normal users.

    3. Rob Telford

      Re: Par for the course for Apple now

      Clearly you never experienced the bugfest that was System 7.5.3 :-)

  5. Missing Semicolon Silver badge

    "accidentally reopened a code-execution vulnerability that was previously patched"

    "accidentally" Yeah, right.

    1. lglethal Silver badge

      Re: "accidentally reopened a code-execution vulnerability that was previously patched"

      Never attribute to Malice what can be adequately explained by incompetence...

      (yes I'm paraphrasing, and no, it probably actually isn't down to incompetence, more than likely it's down to a lack of budget for adequate testing, and a manager with a deadline that they just have to stick to, even though they know they'll be shipping an incomplete, probably bug ridden, piece of crap code. There's always 12.5 to come after all...)

      1. Robert Carnegie Silver badge

        Re: "accidentally reopened a code-execution vulnerability that was previously patched"

        Actually, 13.0 is coming and it won't work on my handset - official. I'm already planning the upgrade. And I think that once iOS 13 is released, iOS 12 maintenance ends. You have to take iOS 13 as your update if your phone accepts it, and if not, then too bad.

  6. Pennsyjohn

    Nothing new here

    I worked on mainframes in the bad old days. A programmer wrote code that if the tape reel was full, it rewound the reel and erased all the data on it. As expected, it caused consternation and was promptly "fixed" i.e. it was bypassed. After about two months, a patched version of the software was installed. You guessed it, it re-enabled the old bug. Ah, the days when you got to meet the VP of engineering from Boston, who promptly said we did it somehow.

    Customer fessed up after a day, but the chewing lasted a long time.

  7. Conundrum1885

    Rubber duck


    Also incidentally this problem happens on Android as well. A recent patch caused a very old bug with SD cards and external devices present in the N4 and others to reappear, causing me to wrongly conclude that the card had been corrupted.

    If anyone else gets this the symptom is that a specific block of text in the first 512 bytes will be duplicated, if seen then any good forensics tool should be able to get most if not all of the data back with fair success.

    Shame that S*****g didn't just fess up and release a fix tool, people probably lost data because of this.

  8. MrMerrymaker

    Apple should take the hint

    Take the walls down from the Walled Garden just a bit.. Loosen it up and take the need for jailbreak away by adding what its most popular features are (I'm android these days but I know I used to love theming)

    Negate the NEED to do it!

    ... Pigs need to fly for that though!

    1. Anonymous Coward

      Re: Apple should take the hint

      The “most popular feature” is installing pirated expensive apps for free.

  9. DerekCurrie

    NOTE: iOS 12.3 has also been found to be vulnerable

    According to the Release notes for the Undecimus jailbreak exploit from the discoverer of the security flaw, pwn20wnd, iOS 11 through iOS 12.4 are ALL vulnerable! iOS 12.3 is NOT immune. This brings into question Apple's 'patch' in iOS 12.3.


    "v3.4.1 Release... Add iOS 12.3~b1 support to the jailbreak (Verified working on iPhone 5s)"

    "v3.5.4 Release... Fix instant or random reboots after jailbreaking with the SockPuppet3.0 exploit on A7-A12X devices on iOS 11.0-12.4"

    Note: "iOS 11.0-12.4".
