Users of Apple devices are being warned online to take particular care of their cyber security over the coming days after an accidental update from the company reopened a security flaw in the latest version of iOS, which can be exploited by hackers, as reported by The Guardian.
Apple released an update for iOS this week, claiming fixed security bugs as well as introducing Apple Card to the US.
However, the company had unknowingly reopened a security flaw which had been fixed back in April, allowing any third-party software to be installed onto Apple devices.
According to Google’s bug-hunting team Project Zero, who discovered the problem, the security breach could allows “a malicious application … to execute arbitrary code with system privileges.”
Google Project Zero's Ned Williamson told VICE's Motherboard that the mistake could lead to iPhones being targeted for spyware.
"Somebody could make a perfect spyware ... malicious app could include an exploit for this bug that allows it to escape the usual iOS sandbox--a mechanism that prevents apps from reaching data of other apps or the system--and steal user data."
Another scenario is a hacker including the exploit in a malicious webpage, and pairing it with a browser exploit, according to the researcher" he added.
The problem was originally reported to Apple in March and fixed and updated by June.
Hackers and miscreants everywhere can theoretically get their software installed onto Apple devices and compromise a victim's device.
Making it the first time in years that Apple has had an open flaw which can be taken advantage of by hackers.
It is extremely rare that self-professed high data-security companies such as Apple which use iOS become compromised.
The last time the new iOS become vulnerable to jailbreak was in 2015, only lasting for about seven days.
iPhone security expert Stefan Esser, took to twitter warning people of the hack:
“I hope people are aware that with a public jailbreak being available for the latest iOS 12.4 people must be very careful what apps they download from the Apple AppStore. Any such app could have a copy of the jailbreak in it.”
— Alexander (@AlexanderUlti) August 19, 2019
Some users asked for clarity while others said they had no issue with the mistake.
— Lubos Kolouch (@kolcon) August 19, 2019
— Alexander (@AlexanderUlti) August 19, 2019
Javvad Malik, a security awareness advocate at KnowBe4 said: “No company is immune from making mistakes, even Apple, especially when the software is so complex as the iPhone.”
“While there is a window of opportunity available until a fix comes out to take advantage of the vulnerabilities, users can be vigilant to protect themselves by validating the apps they are downloading are legitimate and safe. Any attackers will likely try to fool users into downloading malicious versions of software to try and exploit the vulnerability.”
"Jailbreaking iPhones can leave them open to many threats – so should not be done” he warned.
According to The Guardian who contacted Apple, iOS 12.4.1 is expected to be fixed again in a few days’ time.
