Apple issues minor iOS patch to fix unintentionally unpatched jailbreaking flaw
- Apple released a minor update that fixes the jailbreak security flaw that was unintentionally reopened by iOS 12.4 update.
- The flaw could allow hackers to sneak in malicious apps that could execute arbitrary code with system privileges.
Apple recently released an update to the iOS 12.4 version to patch a critical security flaw that allowed hackers to jailbreak up-to-date phones. The iOS 12.4 version was released in July with an intent to issue small fixes and updates, but unintentionally re-opened the jailbreak security flaw that was patched with the iOS 12.3 update.
Who discovered the flaw?
The bug was initially found by Ned Williamson working with Google Project Zero. Apple thanked him in release notes for iOS 12.4.1 as having discovered the critical security flaws that allow hackers to exploit the operating system.
Also, an unknown user who went by the nickname @Pwn20wnd released a public proof-of-concept about the flaw on Git. The user also stated that “it is very likely that someone is already exploiting the bug for bad purposes,” while speaking to Motherboard last week.
Apple did thank Pwn20wnd in their security update for bringing the vulnerability to their attention. "We would like to acknowledge @Pwn20wnd for their assistance," stated the company.
What is jailbreaking?
Jailbreaking is typically used in connection with the iPhone, the most 'locked down' form of the mobile phone. Jailbreaking lets you install apps that haven't been approved by Apple, customizes the interface in various ways.
Risks of Jailbreaking
Many users have suggested that jailbreaking a phone gives you more control over your device by allowing users to add additional apps and functionalities that are not approved by Apple. In addition to that, jailbreaking disables many of the security features that Apple has put in place to protect its users from installing malicious apps from the App store and paving way for potential security risks. Hence, jailbreaking a phone always comes with its many disadvantages.
Security researchers have warned regular users who have not jailbroken their phones to update to the latest iOS 12.4.1 version. Failing to do so could allow hackers to sneak in any malicious application that could execute arbitrary code with system privileges.
Users can install the latest update using the on-air updating functionality from the iOS Settings app. Alternatively, users can also update your Apple device to iOS 12.4.1 through iTunes by connecting your iOS device to a computer and checking for the update.