Emergency iOS patch fixes jailbreaking flaw for second time
Cyber Security

Emergency iOS patch fixes jailbreaking flaw for second time

With iOS 13 nearing release, Apple users perhaps thought they were done with iOS 12 updates for good.

If so, they were wrong. On 26 August 2019, another update was released for the four-week-old iOS 12.4 in the form of iOS 12.4.1.

Apple doesn’t describe this as an ‘emergency’ patch – though as it addresses a serious vulnerability, it’s hard to interpret it as being anything else.

Why the rush? This is where it gets awkward for Apple. Version 12.4.1 closes a jailbreaking hole, which we delved into in some detail last week.

The short version

Originally patched in iOS 12.3 in May 2019 after being revealed by Google Project Zero researcher Ned Williamson as the ‘Sock Puppet’ exploit (CVE-2019-8605), the arrival of iOS 12.4 in July inadvertently undid that fix.

A researcher known as Pwn20wnd subsequently released a follow-up jailbreak exploit dubbed ‘unc0ver’ on 18 August 2019 which jailbroke some Apple iOS devices.

In other words, Apple fixed the flaw, accidentally unfixed it, and with the appearance of a jailbreak had to rush out iOS 12.4.1 to re-fix it for a second time.

You might also like

Telegram App Flaw Exploited to Spread Malware Hidden in Videos

Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network

Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities

Apple Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones

Comments are closed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. AcceptRead More