The 12.4 iOS update which was released in arrived with a selection of bug fixes and changes which aimed to improve the user experience.
Alongside the benefits a small security flaw made into the stable version, allowing jailbreak developers to bring their patches on newer iPhones. To address this issue Apple decided to push an emergency update which should remove the vulnerability. It was also noted that the bug offered more access to rights to the accounts which were registered on vulnerable devices.
Some iPhone or iPad users prefer to install a jailbreak solution on their devices. The software modification will allow them to install apps which aren’t available in the App Store and to gain access to settings and functions which aren’t available under the default version of the OS.
The bug was discovered by a bug hunter who worked with Google Project Zero. Apple acknowledged his effort, and he receives official thanks in the release note for iOS 12.4.1. It seems that the bug allowed a malicious application to run code with admin privileges.
According to security researchers, the bug was spotted in a previous version of iOS, and it was patched when iOS 12.3 was released. Any devices which run iOS 12.4 or a version lower than iOS 12.3 are vulnerable and can be targeted by an exploit.
A functional jailbreak for iOS 12.4 is already available. Apple has fought against jailbreak solutions since the first versions appeared, arguing that using them will make the device vulnerable to malicious third-party apps which can be used to steal valuable data from the device.
The developer who created the jailbreak for 12.4 mentioned that the vulnerability could be exploited to create powerful spyware by escaping the sandbox restrictions imposed by the operating system. There other ways to inject malware, among which we can count the use of a fake webpage linked to a browser exploit.