BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

This Startup Wants To Be OpenAI Of Stem Cell Therapy, Targets $250B Market
Israeli Startups Have Raised $3.1 Billion Since October 7
Artificial General Intelligence Or AGI: A Very Short History
Why Are Tech Leaders Happy To Participate In AI And AGI Washing?
5 History Lessons For Nvidia From The 80-Year History Of AI
$1 Trillion Question: Will Nvidia Dominate The Coming Ubiquitous AI Era?
Edit Story
InnovationEnterprise & Cloud

iPhone Alert: Apple Accidentally Introduced A Critical Security Vulnerability In New iOS 12.4

Jeb Su
Subscriber
Principal Analyst and Technology Futurist at Atherton Research
Following
This article is more than 4 years old.
Tweet This

Getty

The latest version of Apple’s mobile operating system released late last month reintroduced a critical security bug that makes all iPhones and iPads that updated to iOS 12.4 vulnerable to malicious hackers.

The vulnerability dubbed SockPuppet was first discovered by Ned Williamson, a security researcher at Google Project Zero and was subsequently patched by Apple when it released iOS 12.3 on May 13, or 99 days ago.

The security flaw lets a malicious hacker take over almost any iPhone or iPad

The security flaw makes it possible for a malicious application to execute any code with system privileges on iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and install ransomware, malware, spyware or any kind of piece of software really.

To put it simply, this is one of the highest levels of security criticality you can get and its mind-blowing that Apple has reintroduced the vulnerability in the July 22 release of the latest version of its mobile operating system, iOS 12.4.

On Monday, a security researcher known as Pwn20 published on GitHub an exploit, with the associated source code, that took advantage of the vulnerability to break into an iPhone, also known as jailbreak, in just a few minutes.

I've contacted Apple's public relations representatives and will update the story as they reply back.

The vulnerability was already used to jailbreak iPhones in minutes

Below is a video that explains how to jailbreak an iPhone running iOS 12.4 using Pwn20's exploit:

You can also find more about Pwn20's exploit on the jailbreak group on Reddit.

Atherton Research Insights

The reintroduction of such a critical security vulnerability shows that there was something wrong that happened during the software quality validation process at Apple: The bug was known, successfully corrected and deployed in the iOS 12.3, but then reintroduced on version 12.4.

This is just mind-blowing.

But the worse is yet to come for iPhone, iPad, and iPod touch users that are running the latest version of iOS as Apple has not issued a fix as of the time of this report.

 

Follow me on LinkedInCheck out my website
Jeb Su
Jeb Su