Phil Schiller, senior vice president of worldwide marketing at Apple Inc., speaks at an Apple event at the Steve Jobs Theater at Apple Park on September 12, 2018 in Cupertino, California
Phil Schiller, senior vice president of worldwide marketing at Apple Inc., speaks at an Apple event at the Steve Jobs Theater at Apple Park on September 12, 2018 in Cupertino, California

iPhone users alerted to major security problem with latest iOS update

Issue could affect millions of iPads and phones

Andrew Griffin@_andrew_griffin
Tuesday 20 August 2019 10:48
comments

Apple accidentally opened back up a security bug that it had previously fixed, according to security researchers.

The issue means that the latest version of the iPhone software, iOS 12.4, is insecure and hackers could find their way into people's phones, experts claim.

Since iPhones now update themselves, most that are actively used will have tried to update themselves to the latest software. As such, users are recommended to check whether their phone has upgraded to iOS 12.4 already.

Some experts have suggested that it is best to stop a phone from upgrading to the latest software if it has not done already. But iOS 12.4 also fixed a host of security errors, as well as opening up the newly reported one, meaning that users will be at risk either way.

If phones have already updated, it is not possible to downgrade. Any user with iOS 12.4 should therefore be especially vigilant about clicking on unknown links or which apps they download.

When iOS 12.3 was released, it came with a variety of bug fixes. That included a fix for a problem that had been found by Google researchers and was patched up by Apple.

But the release of iOS 12.4, in July, that fix was taken back out, according to a report from Motherboard.

It means that any iPhone that has been updated to the latest software – as advised by security experts – is vulnerable. iPhones and iPads using software older than iOS 12.3 could also be attacked.

Code that makes use of the vulnerability is being passed around publicly on the internet, allowing anyone attempting to hack the phones able to do so relatively easily.

The issue could allow developers of malicious apps to break into secure parts of the phone. That could be easier because the bug has been known about for so long, meaning that hackers and other attackers could already have developed ways to get use the security bug.

In the past, such attacks have been built into websites, meaning that users only need to be lured onto a specific page for their phone to be compromised.

It also means that it is possible to jailbreak the software, allowing people to get around Apple's restrictions on the software. iPhone users have said that those jailbreaks do work.

Apple is yet to comment on the security issue, and no new update has yet been made available.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

View comments