Apple Accidentally Unpatches Fixed iOS Security Flaw Leaving Devices Vulnerable to Hackers - Reports

Apple had professedly fixed a bug which allowed the installation of any third-party software back in July. Hackers, however, publicly released a jailbreak for updated iPhones this weekend for the bug, making it the first freely available jailbreak for iPhones in years.

Users of Apple devices are being warned online to take particular care of their cyber security over the coming days after an accidental update from the company reopened a security flaw in the latest version of iOS, which can be exploited by hackers, as reported by The Guardian.

Apple released an update for iOS this week, claiming to have fixed security bugs as well as introducing Apple Card to the US.

However, the company had unknowingly reopened a security flaw which had been fixed back in April, allowing any third-party software to be installed onto Apple devices.


According to Google’s bug-hunting team Project Zero, which discovered the problem, the security breach could allow “a malicious application … to execute arbitrary code with system privileges.”

Google Project Zero's Ned Williamson told VICE's Motherboard that the mistake could lead to iPhones being targeted for spyware.

"Somebody could make a perfect spyware ... malicious app could include an exploit for this bug that allows it to escape the usual iOS sandbox--a mechanism that prevents apps from reaching data of other apps or the system--and steal user data."

Another scenario is a hacker including the exploit in a malicious webpage and pairing it with a browser exploit, according to the researcher.

The problem was originally reported to Apple in March and fixed and updated by June.

Hackers and miscreants everywhere can theoretically get their software installed onto Apple devices and compromise a victim's device.

This makes it the first time in years that Apple has had an open flaw which can be taken advantage of by hackers.

It is extremely rare for self-professed high data-security companies such as Apple, which uses iOS, to become compromised.

The last time the newest version of iOS became vulnerable to a jailbreak was in 2015, and that lasted only about seven days.

iPhone security expert Stefan Esser took to Twitter to warn people of the hack:

“I hope people are aware that with a public jailbreak being available for the latest iOS 12.4 people must be very careful what apps they download from the Apple AppStore. Any such app could have a copy of the jailbreak in it.”

Some users asked for clarity while others said they had no issue with the mistake.

Javvad Malik, a security awareness advocate at KnowBe4, said: “No company is immune from making mistakes, even Apple, especially when the software is so complex as the iPhone.”

“While there is a window of opportunity available until a fix comes out to take advantage of the vulnerabilities, users can be vigilant to protect themselves by validating the apps they are downloading are legitimate and safe. Any attackers will likely try to fool users into downloading malicious versions of software to try and exploit the vulnerability.”

“Jailbreaking iPhones can leave them open to many threats – so should not be done,” he warned.

According to The Guardian, which contacted Apple, iOS 12.4.1 is expected to be fixed again in a few days’ time.

