Apple accidentally opened back up a security bug that it had previously fixed, according to security researchers.
Since iPhones now update themselves, most that are actively used will have tried to update themselves to the latest software. As such, users are recommended to check whether their phone has upgraded to iOS 12.4 already.
Some experts have suggested that it is best to stop a phone from upgrading to the latest software if it has not done already. But iOS 12.4 also fixed a host of security errors, as well as opening up the newly reported one, meaning that users will be at risk either way.
If phones have already updated, it is not possible to downgrade. Any user with iOS 12.4 should therefore be especially vigilant about clicking on unknown links or which apps they download.
When iOS 12.3 was released, it came with a variety of bug fixes. That included a fix for a problem that had been found by Google researchers and was patched up by Apple.
But the release of iOS 12.4, in July, that fix was taken back out, according to a report from Motherboard.
It means that any iPhone that has been updated to the latest software – as advised by security experts – is vulnerable. iPhones and iPads using software older than iOS 12.3 could also be attacked.
Code that makes use of the vulnerability is being passed around publicly on the internet, allowing anyone attempting to hack the phones able to do so relatively easily.
The issue could allow developers of malicious apps to break into secure parts of the phone. That could be easier because the bug has been known about for so long, meaning that hackers and other attackers could already have developed ways to get use the security bug.
In the past, such attacks have been built into websites, meaning that users only need to be lured onto a specific page for their phone to be compromised.
It also means that it is possible to jailbreak the software, allowing people to get around Apple's restrictions on the software. iPhone users have said that those jailbreaks do work.
Apple is yet to comment on the security issue, and no new update has yet been made available.
Join our new commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies