Apple re-patches 'Sock Puppet' iOS jailbreak exploit

By on
Apple re-patches 'Sock Puppet' iOS jailbreak exploit

Gaping security hole closed.

Apple has issued an update for iOS that closes off a previously patched vulnerability that was accidentally re-opened by the company in version 12.4 of its mobile operating system, which coders were quick to exploit to gain full control of late model iPhones and iPads.

The update, iOS 12.4.1, re-patches a memory management bug that could be exploited to execute arbitrary code with system privileges.

Discovered by researcher Ned Williamson who worked with Google's Project Zero security team, the bug in the XNU kernel for iOS created a stir in the jailbreaking community, which tries to circumvent Apple's strict security measures for iDevices.

For security reasons, Apple locks down iOS so that only software from its official App Store can be installed and prevents apps from accessing low-level system functions on devices.

Nicknamed Sock Puppet, the flaw including source code was made public in July.

Sock Puppet was added to the un0ver jailbreak earlier in August, which was claimed could jailbreak devices running iOS 12.4 and with the A7 to A11 processors.

Jailbreakers are now telling users not to apply iOS 12.4.1 as it closes the exploit.

Security researchers however are warning that not patching the vulnerability could expose users to malicious software from the App Store and bypass Apple's code vetting procedures.

The risk is greater with Sock Puppet since source code for the exploit has been released in public, something that hasn't happened before.

Apple credited Williamson and Project Zero for rediscovering the bug.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?