Apple has patched a vulnerability in iOS that allowed code execution on an iPhone. The vulnerability made a jailbreak possible on iOS 12.4.
The vulnerability has been fixed in iOS 12.4.1, which was released Monday evening. The bug fix is the only change in the latest version of that operating system.
Apple thus fixes a vulnerability that was announced earlier this week. Security researchers discovered a vulnerability in iOS 12.4 that was already fixed in iOS 12.3. It’s still not clear how that vulnerability re-entered the operating system. The vulnerability made it possible to remotely run code on an iPhone and escape the sandbox, although the discoverers admitted that exploiting the vulnerability in practice was very difficult.
The leak also made it possible to jailbreak the operating system. It was the first jailbreak in years for a modern version of iOS. In the release notes for iOS 12.4.1, Apple specifically mentions and thanks the researchers at @Pwn20wnd for the help they provided during the discovery. The leak was registered as CVE-2019-8605.