D'oh! Apple botches iOS update, leaves iPhones open to jailbreaking

Graham CLULEY

August 20, 2019

For the first time in years, hackers have created a working exploit that can jailbreak the latest, fully-updated version of iOS.

And a goof by Apple has allowed them to do it.

The result? Millions of Apple iPhone and iPad users who thought they were doing the right thing by updating their devices to iOS 12.4 are at an increased risk of being successfully attacked by hackers through the vulnerability.

Normally iPhones and iPads running the latest version of iOS are locked down, preventing users from installing code that has not been scrutinised by Apple’s security team and reducing the chances of malware infiltrating devices.

But a jailbroken iPhone or iPad opens doors for unauthorised and pirated iOS apps to be installed, which may be boobytrapped to spy upon your communications or even – potentially – hold your data to ransom.

Normally the source code for a jailbreak exploit is not made publicly available before Apple has pushed out a security update to prevent it from working.

In this case, however, things have definitely not gone to plan.

The story starts in March, when researcher Ned Williamson uncovered a security hole in iOS. However, he didn’t make details of the vulnerability public until after Apple had issued a patch – in the form of iOS 12.2 – in May.

That, most of us would have thought, would have been the end of the matter. However, somehow Apple managed to undo its patch when it released iOS 12.4 in late July.

iOS 12.4, if you recall, was an important security update for Apple’s mobile operating system because it fixed a critical vulnerability that could allow a remote attacker to attack an iPhone just by sending a maliciously-crafted iMessage.

Now we learn that although Apple successfully closed one critical security hole in iOS 12.4, it unwittingly reopened an old one.

A security researcher by the name of Pwn20wnd has publicly released a jailbreak that exploits the bug that came back from the dead.

An obvious fear is that organised criminal gangs and state-sponsored hackers might attempt to exploit the vulnerability to launch attacks, steal data, and spy on persons of interest.

Pwn20wnd told Motherboard that “it is very likely that someone is already exploiting this bug for bad purposes.”

No doubt Apple is working feverishly to fix the vulnerability once and for all and investigate how it could have made the mistake of reopening an old security hole that everyone thought had already been patched.

When Apple does release an update to iOS, make sure to install it as soon as possible – and let’s hope they don’t break anything else in the process.
