News

Latest version of iOS reopens old security flaw

Before we get started

After spending over 20 years working with Macs, both old and new, theres a tool I think would be useful to every Mac owner who is experiencing performance issues.

CleanMyMac is highest rated all-round cleaning app for the Mac, it can quickly diagnose and solve a whole plethora of common (but sometimes tedious to fix) issues at the click of a button. It also just happens to resolve many of the issues covered in the speed up section of this site, so Download CleanMyMac to get your Mac back up to speed today.

mac-pc

Owners of Apple devices that run on iOS have been cautioned to take cybersecurity particularly seriously over the next couple of days. This follows Apple accidentally reopening an old security bug in the latest version of the operating system.

In last month’s release of iOS 12.4, Apple patched a couple of security loopholes, and also enabled support for Apple Card for US users. In the process, however, it also mistakenly reversed an important security fix that came with iOS 12.3.

That update fixed a security flaw that was revealed by Google’s Project Zero, which, at least in theory, enables “a malicious application … to execute arbitrary code with system privileges.” To put it differently: by exploiting the bug, an application could get full control over your iPhone.

Such “jailbreaks” are so valuable to those who want to exploit them that they are usually kept a tight secret. The previous time a new iOS version contained a jailbreak-type bug was nearly four years ago, and then only for a week.



KnowBe4 security awareness advocate Javvad Malik said that everyone makes mistakes, even Apple. He warned that until a fix was released, there was the danger of someone taking advantage of the bug. He added that “users can be vigilant to protect themselves by validating the apps they are downloading are legitimate and safe.”

Malik warned that hackers were likely to try to trick iOS users into downloading malicious software so that they could exploit the bug. He also cautioned iPhone owners not to jailbreak their own devices, because this can expose them to numerous threats.

iPhone security expert Stefan Esser warned that even apps downloaded from the app store could contain a copy of the jailbreak.

Apple will most likely release a patch for the current vulnerability with iOS 12.4.1, which should be ready in a couple of days.

Tags

About the author

Chris

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.