If You Haven’t Updated To iOS 12.4 Yet, Here’s SIX Reasons Why You Should

iOS 12.4 has been on the streets for about a week now, and it’s now coming to light that there are six very good reasons to upgrade to it if you haven’t already. There are apparently six “zero interaction” vulnerabilities in iOS. Meaning that an attacker doesn’t need your help to take over your iDevice. Now of those six vulnerabilities, five are fixed outright in iOS 12.4. But the sixth is only partially closed. Here are the details from ZDNet:

According to the researcher, four of the six security bugs can lead to the execution of malicious code on a remote iOS device, with no user interaction needed. All an attacker needs to do is to send a malformed message to a victim’s phone, and the malicious code will execute once the user opens and views the received item.

The four bugs are CVE-2019-8641 (details kept private), CVE-2019-8647, CVE-2019-8660, and CVE-2019-8662. The linked bug reports contain technical details about each bug, but also proof-of-concept code that can be used to craft exploits.

The fifth and sixth bugs, CVE-2019-8624 and CVE-2019-8646, can allow an attacker to leak data from a device’s memory and read files off a remote device –also with no user interaction.

Seeing as you can reduce your potential threat surface from six to one simply by installing iOS 12.4, you should install it right now if you haven’t already. Especially now that proof of concept code is out there for these five vulnerabilities. And when Apple comes out with an iOS 12.4.1 to close the sixth vulnerability, you should install that right away as well.

Now, here’s another why installing iOS 12.4 is important:

Until today, no-user-interaction iOS bugs were usually found in the arsenal of exploit vendors and makers of legal intercept tools and surveillance software. Such vulnerabilities are the holy grail of any attacker, allowing them to hack into victims’ devices undetected.

Thus if you don’t want to be that person who gets their device taken over, you should install iOS 12.4 now. As in right the hell now.

Advertisements

One Response to “If You Haven’t Updated To iOS 12.4 Yet, Here’s SIX Reasons Why You Should”

  1. […] via If You Haven’t Updated To iOS 12.4 Yet, Here’s SIX Reasons Why You Should — The IT Nerd […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: