Apple accidentally re-introduced a previously patched vulnerability from iOS 12.3 into iOS 12.4. This led to the release of a jailbreak for iOS 12.4 from Security Researcher Pwn20wnd called “unc0ver 3.5.0.” This is the first jailbreak to be released for up-to-date iPhones in years. This is significant, because, according to an article from Motherboard, iPhone bugs are so valuable that they are often not reported to Apple at all, and jailbreak exploits are often sold for large amounts of money. For example, the FBI paid over $1.2 million for a vulnerability that allowed them to gain access to an iPhone 5c used by San Bernardino shooter Syed Farook.
Another reason security researchers might be unwilling to report bugs to Apple is that Apple doesn’t offer a strong enough incentive. After refusing to offer a bug bounty program for some time, Apple announced its bug bounty program in 2016. Rewards range from $25,000 for “Access from a sandboxed process to user data outside of that sandbox process” to $200,000 for “Secure boot firmware components.” While this may sound like a lot of money, it is nothing compared to what Companies like Zerodium and Exodus offer for similar exploits. Zerodium has offered up to $1.5 million for exploits that would allow jailbreaks, and Exodus has offered up to $500,000 for similar exploits. Alternatively, some researchers don’t report bugs to Apple because the patching of those bugs would interfere with their ability to do further research. According to Luca Todesco, a well-known figure in the iPhone jailbreak community, “Either you report and kill your own bugs, or you decide not to report the bug so that you don’t complicate your own life and you can keep doing research.”
The vulnerability used in this jailbreak was discovered by New Williamson, who works for Google Project Zero. The bug, titled CVE-2019-8605, could allow a malicious application to “execute arbitrary code with system privileges.” According to The Hacker News, “besides embedding the exploit into an innocentlooking app, the vulnerability can also be exploited remotely by combining it with sandbox bypass flaws in Apple Safari web browser or other Internet exposed services.” Even with this vulnerability, remotely hacking an iPhone is still a difficult task. However, it is substantially less difficult while this bug still exists on iPhones.
Sources:
• https://www.vice.com/en_us/article/qvgp77/hacker-releases-first-publiciphone-jailbreak-in-years
• https://thehackernews.com/2019/08/ios-iphone-jailbreak.html
• https://support.apple.com/en-us/HT210118
• https://www.vice.com/en_us/article/gybppx/iphone-bugs-are-too-valuable-to-report-to-apple08