Apple's Unforgivable Mistake Threatens Millions Of iPad And iPhone Users

From Forbes: Apple is in a continuing fight to keep the iOS platform secure, and it has made a mistake that has blown open the entire platform. This weekend it was revealed that Apple has been sloppy, and an old vulnerability that was patched over has been broken in the move to iOS 12.4, so it is possible for a iPhone running the very latest version of iOS to run unsigned code.

That could be an intentional choice by users wanting to access alternate app stores or access functions not normally exposed (a classic jailbreak) but it is more likely to be used maliciously, for example using a bug in another application that allows code to be run remotely on any up to date iPhone.

It cannot be stressed enough that this is a huge mistake by Apple. That said there are some limitations to note. First of all the vulnerability does not affect hardware running on the A12 system on chip - the iPhone X will be impacted, but not the iPhone XR, XS, or XS Max. unfortunately Apple has never released sales figures for the newer handsets so how many users are protected by hardware evolution is not known.

You also need to have iOS 12.4 installed. This is one moment in time where Apple’s ability to shift its user base to the latest version of the mobile operating system is not helpful (although it will be helpful when the presumptively named iOS 12.4.1 patch is rolled out). Unfortunately has Apple pulled iOS 12.2 and 12.3 from its servers and revoked their signatures, so there is no choice but to update to 12.4.

View: Article @ Source Site