While it seems every new iOS update comes with an urgent warning to install it, the latest one, update 12.4.1, from Apple really is crucial. The previous release actually unravelled a previous vulnerability, which this update aims to re-patch up. It may sound confusing and it sorta is. Let us explain a bit further.
[referenced url=”https://www.lifehacker.com.au/2019/08/uh-oh-nearly-a-billion-apple-devices-have-a-major-security-flaw/” thumb=”https://www.lifehacker.com.au/wp-content/uploads/sites/4/2019/08/iPhone-Max-Apple-flaw-410×231.jpg” title=”Uh Oh – Nearly A Billion Apple Devices Have A Major Security Flaw” excerpt=”There are around 900 million active iPhone devices in the world and according to a security firm, most of them might be susceptible to hacking. The worst part is, Apple has allegedly known about it for four years and has yet to fix the loophole. Here’s what we know.”]
Apple’s latest iOS update, 12.4.1., has just been released and features important security upgrades for iOS devices. The new release fixes “a malicious application may be able to execute arbitrary code with system privileges.” Apple acknowledged security researcher @Pwn20wnd for their assistance in bringing the vulnerability to its attention.
The iOS 12.4.1 security content mentions patching the bug used by the SockPuppet exploit.
Apple also credited me for assistance with the kernel — I credited them for the jailbreak so it seems like they wanted to do the same thing ;P. pic.twitter.com/IvyOgv0G3v
— Pwn20wnd is reviving 0-Days (@Pwn20wnd) August 26, 2019
The bizarre thing is this vulnerability was already fixed months ago in May’s 12.3.1 update but just a few months later in July, the 12.4 release accidentally undid the patch. It took Apple around one month to remedy the situation.
The vulnerability left iPhone devices open to jailbreaking, which also causes Apple’s tight security to loosen leaving .
Earlier this month, we reported on another iOS vulnerability brought to light by cybersecurity firm Check Point. It believes Apple’s Contacts app has a major security flaw based on the SQLite database it runs on. Check Point demonstrated it could hack a device using the Contacts vulnerability at 2019 Def Con hacking conference.
While Check Point has said it provided the information to Apple in order to fix up the bug, it’s unclear whether Apple is looking into it.
[referenced url=”https://www.lifehacker.com.au/2019/08/earn-up-to-1-5-million-from-apples-expanded-bug-bounty-program/” thumb=”https://i.kinja-img.com/gawker-media/image/upload/t_ku-large/q8c2waq7jswz3lu2t6qj.jpg” title=”Earn Up To $1.5 Million From Apple’s Expanded Bug Bounty Program” excerpt=”Apple’s products have a reputation for being pretty secure, but they aren’t perfect. Now, if you’re a great security researcher or white-hat hacker — and you want to go after other Apple devices and services beyond just iOS and iCloud — you can earn a lot of cash.”]
Leave a Reply
You must be logged in to post a comment.