Reintroduction of SockPuppet Flaw in iOS 12.4 Leaves iPhones and iPads Vulnerable

Over the weekend, it emerged that an iOS exploit that was previously patched was reintroduced in the most recent version of iOS. It was discovered due to its inclusion in unc0ver, a popular jailbreaking software application. In unc0ver version 3.5.0, the author, Pwn20wnd, announced the availability of a public jailbreak on signed version of Apple’s firmware, which hasn’t happened in several years.

The previously patched exploit is CVE-2019-8605, which was dubbed as “SockPuppet” by its discoverer, Ned Williamson. It was patched in iOS 12.3, which was released in May 2019. In July 2019, Williamson released two separate exploits, which were eventually incorporated into unc0ver. However, it was only recently discovered that SockPuppet was once again functional in iOS 12.4, when it was verified and incorporated into this jailbreaking application.

There are scenarios outside of jailbreaking where determined attackers could utilize this exploit to target Apple mobile devices.

For more details about the reintroduction of the vulnerability, including what versions of iOS and Apple processors are affected, please visit our blog.