Apple Has Patched That Vulnerability That They Accidentally Unpatched…. And In The Process Show That Said Bug Was More Widespread Than Previously Thought

Yesterday, Apple released iOS 12.4.1 which was meant to patch the vulnerability that they accidentally unpached when they released iOS 12.4. If you have an iDevice, you should go download it now. Really. You should do it right now. The reason being is that this vulnerability allows one to “jailbreak” the device. Which means that one could install software from outside the App Store or customize it. But it also means that the same method that is used to “jailbreak” the device could be weaponized to take control of any iOS device by going to a compromised webpage for example. Or joining suspect WiFi.

Now what was weird was that not only did Apple release iOS 12.4.1, but they also released watchOS 5.3.1, tvOS 12.4.1, and an update to macOS 10.14.6. That sort of got my attention. Thus I did some digging. As a matter of course I read the security information that Apple posts when they release a software update, and in the security information for everything but the watchOS update, there are versions of this entry which refers to the vulnerability in question:

Kernel

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2019-8605: Ned Williamson working with Google Project Zero

Additional recognition

Kernel

We would like to acknowledge @Pwn20wnd for their assistance.

 

This is present in the iOS 12.4.1 security information, the tvOS 12.4.1 security information, and the security information for macOS 10.14.6. And you will notice that they also thank @Pwn20wnd for their assistance as he’s the guy who discovered this vulnerability. This means that this issue wasn’t just an iOS issue. It was a lot more widespread and a lot more people who used Apple products were at risk. I guess I shouldn’t be shocked by that as Apple software shares a fair amount of code across their various platforms. But it does mean that any and all of your iDevices needs to be updated because this isn’t just an iPhone problem.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: