News

Latest version of iOS reopens old security flaw

Owners of Apple devices that run on iOS have been cautioned to take cybersecurity particularly seriously over the next couple of days. This follows Apple accidentally reopening an old security bug in the latest version of the operating system.

In last month’s release of iOS 12.4, Apple patched a couple of security loopholes, and also enabled support for Apple Card for US users. In the process, however, it also mistakenly reversed an important security fix that came with iOS 12.3.

That update fixed a security flaw that was revealed by Google’s Project Zero, which, at least in theory, enables “a malicious application … to execute arbitrary code with system privileges.” To put it differently: by exploiting the bug, an application could get full control over your iPhone.

Such “jailbreaks” are so valuable to those who want to exploit them that they are usually kept a tight secret. The previous time a new iOS version contained a jailbreak-type bug was nearly four years ago, and then only for a week.

KnowBe4 security awareness advocate Javvad Malik said that everyone makes mistakes, even Apple. He warned that until a fix was released, there was the danger of someone taking advantage of the bug. He added that “users can be vigilant to protect themselves by validating the apps they are downloading are legitimate and safe.”

Malik warned that hackers were likely to try to trick iOS users into downloading malicious software so that they could exploit the bug. He also cautioned iPhone owners not to jailbreak their own devices, because this can expose them to numerous threats.

iPhone security expert Stefan Esser warned that even apps downloaded from the app store could contain a copy of the jailbreak.

Apple will most likely release a patch for the current vulnerability with iOS 12.4.1, which should be ready in a couple of days.

Tags

About the author

Chris

I've been a passionate evangelist for Apple and the Macintosh throughout my working life, my first love was a Quadra 605 working with a small creative agency in the south of Norfolk UK in the mid 1990's, I later progressed to other roles in other Macintosh dominated industries, first as a Senior graphic designer at a small printing company and then a production manager at Guardian Media Group. As the publishing and printing sector wained I moved into Internet Marketing and in 2006 co-founded blurtit.com which grew to become one the top 200 visited sites in the US (according to Quantcast), at its peak receiving over 15 million visits per month. For the last ten years I have worked as an Affiliate and Consultant to many different business and start ups, my key skill set being online marketing, on page monetisation, landing page optimisation and traffic generation, if you would like to hire me or discuss your current project please reach out to me here.

You can also follow me on: and

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.