- Apple recently released iOS 12.4.1, which fixes a vulnerability that could have potentially allowed a malicious app to execute code on a device
On Monday, Apple released iOS 12.4.1. Apple iOS 12.4.1 fixes a vulnerability that could have potentially allowed a malicious application for executing code on a device. This update was released about a week after Apple accidentally unpatched a vulnerability that was already fixed.
And on August 19th, a security researcher code-named Pwn20wnd had published a jailbreak for iOS 12.4 on GitHub. Pwn20wnd told Vice that “somebody could make a perfect spyware” due to Apple’s mistake. And Google information security engineer Ned Williamson had confirmed with Vice that the jailbreak worked on his iPhone XR.
When an iPhone is jailbroken, it allows users to customize their iOS devices and run apps that are outside of the Apple App Store. Apple warned that those hacks could lead to security vulnerabilities, data loss, and device crashes.
“Due to 12.4 being the latest version of iOS currently available and the only one which Apple allows upgrading to, for the next couple of days (till 12.4.1 comes out), all devices of this version (or any 11.x and 12.x below 12.3) are jail breakable—which means they are also vulnerable to what is effectively a 100+ day exploit,” said security researcher Jonathan Levin in an interview with Vice.
iOS 12.4.1 fixes this vulnerability as it is considered an emergency fix for the vulnerability becoming unpatched in iOS 12.4.
In the security update for Apple iOS 12.4.1 acknowledged Williamson and Pwn20wnd for identifying the problem. And the security update acknowledged that “a malicious application may be able to execute arbitrary code with system privileges.”
So I would highly recommend that you update right away.