Apple attaches great importance to update their operating systems and it instills the same sense to its users. Therefore, Apple always suggest to install all updates without exception, even if they are, at first glance, do not include new features. The company explained it is safety reasons because virtually every new build of the OS contains corrections of certain vulnerabilities. But sometimes something goes wrong and updates instead of protect, expose users to serious risk.
To run iOS 12.4, it became possible for randomly returning a vulnerability, which Apple has fixed in one of previous updates. Hackers from the team pwn20wnd took advantage of this and released a hacking tool Unc0ver, exploiting the very flaw of the operating system.
How to jailbreak
The news that iOS 12.4 is officially vulnerable and can be hacked, has become a significant event for the entire industry, because in recent years the concept of jailbreaking has virtually ceased to exist due to the high level of iOS security. Even though iPhone XR, XS and XS Max invulnerable to Unc0ver for hardware security Core Trust, all other iPhone and iPad are still exposed to hacking, which can be done even without a computer.
See also: New vulnerability allows you to spy for Apple devices via Bluetooth
Whether it is dangerous? Of course, Yes. Despite the fact that Apple is usually set to steal paid apps, there are many other scenarios for its use. For example, thanks to the jailbreak is possible to open other vulnerabilities in the operating system, not to mention the fact that on a jailbroken gadget easier to install malware to spy on the user.
Vulnerabilities in iOS
In General, the fact that Apple accidentally removed the protection from the vulnerability, which was fixed a few months ago, is genuine bewilderment. It seems incredible that in Cupertino have made the mistake and actually put criminals into the hands of mechanism hacking iOS. Experts say that developers in the design of iOS 12.4 just used part of the code one of the previous builds of the OS, which contained an unpatched vulnerability. But worst of all, this is not the first case when from-for errors of iOS users at risk of hacking.
Subscribe to our channel at Yandex.Zen. Every day there are exclusive materials that are not on the website.
The examples are not far to seek. Only in the last couple of months in iOS found several vulnerabilities that allow to hack the operating system and install surveillance users. For example, in iMessage has been found a bugthat allowed to send to the device the victim of malicious component to track his actions. In this case the user himself to do anything it was not necessary — everything happens automatically regardless of his will.
In General, the problem of surveillance has been a sore point for iOS users. Another similar case occurred in July. Then in the Bluetooth Protocol has a vulnerability that could be used to track the movements of users. She hid in the mechanism of generation of Mac addresses, changing at random. However, due to the desync that happened from time to time, hackers have the opportunity to predict new address and thus identify a particular person among hundreds of others.
What it is: incompetence or negligence? A simple answer to this question is difficult. On the one hand, from errors nobody is insured. But when your actions affect the safety of millions of users, perhaps we should approach the issue of testing and debugging more carefully. Well, until the only thing you can and should hope for is iOS 12.4.1, which most likely will be released from day to day and fix what had once been fixed. If only the new vulnerabilities are not hoisted.