Apple Has Patched That Vulnerability That They Accidentally Unpatched…. And In The Process Show That Said Bug Was More Widespread Than Previously Thought

Yesterday, Apple released iOS 12.4.1, which was meant to patch the vulnerability that they accidentally unpatched when they released iOS 12.4. If you have an iDevice, you should go download it now. Really. You should do it right now. The reason is that this vulnerability allows one to “jailbreak” the device, which means that one could install software from outside the App Store or customize it. But it also means that the same method that is used to “jailbreak” the device could be weaponized to take control of any iOS device, for example by going to a compromised webpage or joining suspect WiFi.

Now what was weird was that not only did Apple release iOS 12.4.1, but they also released watchOS 5.3.1, tvOS 12.4.1, and an update to macOS 10.14.6. That sort of got my attention. Thus I did some digging. As a matter of course I read the security information that Apple posts when they release a software update, and in the security information for everything but the watchOS update, there are versions of this entry which refer to the vulnerability in question:

Kernel

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2019-8605: Ned Williamson working with Google Project Zero

Additional recognition

Kernel

We would like to acknowledge @Pwn20wnd for their assistance.

 

This is present in the iOS 12.4.1 security information, the tvOS 12.4.1 security information, and the security information for macOS 10.14.6. And you will notice that they also thank @Pwn20wnd for their assistance as he’s the guy who discovered this vulnerability. This means that this issue wasn’t just an iOS issue. It was a lot more widespread and a lot more people who used Apple products were at risk. I guess I shouldn’t be shocked by that as Apple software shares a fair amount of code across their various platforms. But it does mean that any and all of your iDevices need to be updated because this isn’t just an iPhone problem.
