Apple Accidentally Unpatches Fixed iOS Security Flaw Leaving Devices Vulnerable to Hackers – ReportsCC0Society21:49 20.08.2019Get short URL
Apple had professedly fixed a bug which allowed the installation of any third party software back in july. Hackers however publicly released a jailbreak for updated iPhones this weekend for the bug, making it the first freely available jailbreak for iPhones in years.
Users of Apple devices are being warned online to take particular care of their cyber security over the coming days after an accidental update from the company reopened a security flaw in the latest version of iOS, which can be exploited by hackers, as reported by The Guardian.
Apple released an update for iOS this week, claiming fixed security bugs as well as introducing Apple Card to the US.
However, the company had unknowingly reopened a security flaw which had been fixed back in April, allowing any third-party software to be installed onto Apple devices.
According to Google’s bug-hunting team Project Zero, who discovered the problem, the security breach could allows “a malicious application … to execute arbitrary code with system privileges.”
Google Project Zero’s Ned Williamson told VICE’s Motherboard that the mistake could lead to iPhones being targeted for spyware.
“Somebody could make a perfect spyware … malicious app could include an exploit for this bug that allows it to escape the usual iOS sandbox–a mechanism that prevents apps from reaching data of other apps or the system–and steal user data.”
Another scenario is a hacker including the exploit in a malicious webpage, and pairing it with a browser exploit, according to the researcher” he added.
The problem was originally reported to Apple in March and fixed and updated by June.
Hackers and miscreants everywhere can theoretically get their software installed onto Apple devices and compromise a victim’s device.
Making it the first time in years that Apple has had an open flaw which can be taken advantage of by hackers.
It is extremely rare that self-professed high data-security companies such as Apple which use iOS become compromised.
The last time the new iOS become vulnerable to jailbreak was in 2015, only lasting for about seven days.
iPhone security expert Stefan Esser, took to twitter warning people of the hack:
“I hope people are aware that with a public jailbreak being available for the latest iOS 12.4 people must be very careful what apps they download from the Apple AppStore. Any such app could have a copy of the jailbreak in it.”
Some users asked for clarity while others said they had no issue with the mistake.
Javvad Malik, a security awareness advocate at KnowBe4 said: “No company is immune from making mistakes, even Apple, especially when the software is so complex as the iPhone.”
“Jailbreaking iPhones can leave them open to many threats – so should not be done” he warned.
According to The Guardian who contacted Apple, iOS 12.4.1 is expected to be fixed again in a few days’ time.