Apple stops signing iOS 12.4 after iOS 12.4.1 patches jailbreak bug
Apple on Wednesday ceased code signing of iOS 12.4, an incremental update that accidentally unpatched a vulnerability which hackers quickly leveraged to create a publicly available jailbreak.
Typical of Apple's operating system release cycle, the halt to code signing for iOS 12.4 arrives about two weeks after iOS 12.4.1 was pushed out in late August.
The point update was issued in large part to close a once-secured flaw that was reintroduced with the release of in iOS 12.4 in June. Google security researchers discovered the vulnerability earlier this year and Apple subsequently squashed the bug in iOS 12.3.
Shortly after iOS 12.4 went live, researcher "pwn2ownd" harnessed the software flaw to build a jailbreak as an extension of their ongoing project "unc0ver." It was one of the first jaibreaks to impact a then-current version of iOS in years.
"[I]t is very likely that someone is already exploiting this bug for bad purposes," the researcher said in a statement at the time, suggesting nefarious actors might use the bug to build targeted malware.
By ending code signing for the vulnerable iOS, Apple closes the door for both jailbreakers and hackers. In addition to security, preventing users from downloading older code allows Apple to keep more iOS devices on the latest, feature-rich software.
Apple is due to release its next-generation iOS 13 on Sept. 19, bringing with it a slew of new features, enhancements and first-party apps.
Typical of Apple's operating system release cycle, the halt to code signing for iOS 12.4 arrives about two weeks after iOS 12.4.1 was pushed out in late August.
The point update was issued in large part to close a once-secured flaw that was reintroduced with the release of in iOS 12.4 in June. Google security researchers discovered the vulnerability earlier this year and Apple subsequently squashed the bug in iOS 12.3.
Shortly after iOS 12.4 went live, researcher "pwn2ownd" harnessed the software flaw to build a jailbreak as an extension of their ongoing project "unc0ver." It was one of the first jaibreaks to impact a then-current version of iOS in years.
"[I]t is very likely that someone is already exploiting this bug for bad purposes," the researcher said in a statement at the time, suggesting nefarious actors might use the bug to build targeted malware.
By ending code signing for the vulnerable iOS, Apple closes the door for both jailbreakers and hackers. In addition to security, preventing users from downloading older code allows Apple to keep more iOS devices on the latest, feature-rich software.
Apple is due to release its next-generation iOS 13 on Sept. 19, bringing with it a slew of new features, enhancements and first-party apps.
Comments
all jail breakable now
I was expecting at least a standing ovation
not really, I’m just stating facts
i think most jailbreakers were happy they could finally upgrade to a newer iOS after a long time being stuck on older iOS versions
my phone went from 9.3.2 to 12.4
itunes checks with the apple servers before you can install it
as long as apple is signing the update, iTunes will install it
like right now, even if you could get your hands on iOS 10 or 11 etc
itunes will not get a valid signature from apple, so the install will fail
apple does this to force people to always be on the latest version
they also do it to prevent jailbreakers from being able to jailbreak
Now that there is a jailbreak for iOS 12.4
they only sign 12.4.1
meaning if you haven’t already upgraded to 12.4
you can only go to 12.4.1