Apple Patch Reopens Security Vulnerability
OS update for iPhone should not be installed as it reopens security flaw that was previously patched
Users of the Apple iPhone are being urged not to install the latest iOS update, as the new operating system accidentally reopens a previously patch flaw.
The flaw is so seriously that if it is exploited, it could allow hackers to gain complete control of an iPhone or iPad.
It comes after Apple last month released iOS 12.4, which fixed a number of a bug and also switched on support for the Apple Card (Apple’s credit card). But unfortunately it seems that Apple also reopened a flaw that it had fixed in iOS 12.3 in April.
Apple Patch
That vulnerability had been found by Google’s bug-hunting team Project Zero, which could potentially allow a malicious application to execute arbitrary code with system privileges (essentially to jailbreak or gain complete control of an iPad or iPhone).
Apple is reportedly in the process of issuing a fresh iOS update (iOS 12.4.1) in the next few days, so users are advised to hold off updating until then.
Security scares for Apple are rare but have been becoming more common of late as the popularity of their devices makes them an increasingly attractive target for hackers.
This time last year Apple’s main computer network was hacked by an Australian teenager who managed to download 90GB of files and accessed customer accounts.
Just prior to that Apple had dismissed claims by a security researcher, who had said he had discovered a way to gain a brute-force entry into an iPhone.
iBoot scare
Also in 2018 Apple was embroiled in a serious security scare after the source code for iBoot was anonymously posted on GitHub.
Unfortunately, iBoot is a critical component of the iPad and iPhone’s operating system. Hackers and security researchers could use it to find vulnerabilities in the iOS operating system or make jailbreaking iOS devices easier.
The discovery of the iBoot source code on GitHub was first noticed by security website Motherboard. Apple quickly filed a copyright takedown request with GitHub to force the company to remove the code.
It later emerged that the original leaker was an Apple intern who shared the source code for iBoot with his friends.
Unfortunately, his friends then shared it with others, and it was from there that the source code was posted online.
Do you know all about security? Try our quiz!