Apple prides itself on the fact that iOS is a secure mobile operating system. It's certainly not perfect, but considering the company recently offered $1 million to anyone who can hack it, it must feel pretty good. That's why it's such a surprise the company managed to reopen a flaw it previously patched, and it affects everyone who was running the most recent version of iOS.
This afternoon, the company released an emergency update (iOS 12.4.1) to fix a major problem--one the company itself created. The update is available as an over-the-air update to anyone with an iPhone 5 or later, or iPad Air or later. If you're running iOS 12.4, you should update your device immediately.
While Apple itself doesn't provide much information about the flaw, the company did make a point of recognizing Ned Williamson from Google Project Zero as having reported the vulnerability, along with the hacker and "researcher" @Pwn20wnd, who created the jailbreak.
The iOS 12.4.1 security content mentions patching the bug used by the SockPuppet exploit.-- Pwn20wnd is reviving 0-Days (@Pwn20wnd) August 26, 2019
Apple also credited me for assistance with the kernel -- I credited them for the jailbreak so it seems like they wanted to do the same thing ;P. pic.twitter.com/IvyOgv0G3v
Jailbreaking was common early in the days of the iPhone when users wanted access to apps unavailable through the App Store, or to install profiles that allowed for other functionality (like unlimited data, back in the day). Now, however, it's far more difficult to jailbreak iOS, though that doesn't mean hackers aren't constantly trying. In fact, iOS 12.3 had patched this very flaw until Apple inadvertently reopened the door to hackers with 12.4.
This specific flaw could result in a hacker taking over your device through a malicious webpage coupled with a browser exploit. It's not clear whether any examples of this happening exist in the wild, but as with any hack, it's only a matter of time.
I imagine Apple never intended to update iOS 12 beyond 12.4, with iOS 13 just around the corner, but the last thing the company wants is for large numbers of devices to be compromised right before it releases new iPhones next month.
Of course, if you're a hacker, maybe you'd rather be able to jailbreak your device and take your chances. In that case, definitely don't update your iPhone. For the rest of you who would rather keep your personal information and iOS device secure, updating is simple. Just open your Settings app, go to General > Software Update and tap "Download and Install." That will download the current version and update it on your device.
While you're at it, you might want to go ahead and tap on "Automatic Updates," and turn them on to be sure your device is always kept up to date.