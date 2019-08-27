Infosecurity Group Websites

Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more
Latest
News

Apple Fixes Jailbreak Bug For the Second Time

Apple has released a new iOS security update designed to fix a jailbreak bug which it previously addressed and then accidentally rolled back.

The flaw itself, CVE-2019-8605, is a use-after-free vulnerability credited to Ned Williamson working on the Google Project Zero team.

The flaw, which could allow an attacker to execute arbitrary code with system privileges, was first reported to Apple by Williamson back in March. Some Apple users were apparently exploiting it to jailbreak their devices in order to run unsanctioned software on their kit.

Apple subsequently patched the bug with its 12.3 iOS version in May. However, earlier this month it unwittingly reintroduced the issue with version 12.4.

Security researcher Pwn20wnd released a free public jailbreak tool exploiting the issue.

Now the problem has been fixed for the second time thanks to the 12.4.1 update released by Apple on Monday. The Cupertino giant even thanked Pwn20wnd “for their assistance” in its update.

The patch doesn’t just mitigate the risk of users jailbreaking their iPhones and iPads. The vulnerability could also theoretically have been exploited by hackers to steal data from victims’ devices.   

Public jailbreaks are pretty rare, given that the community usually tries to keep any details secret so Apple doesn’t catch wind.

However, a Chinese security researcher in January released details of a remote jailbreak for iOS 12 on the iPhone X.

Alongside iOS 12.4.1, Apple released tvOS 12.4.1, watchOS 5.3.1 and macOS Mojave 10.14.6.

Related to This Story

What’s Hot on Infosecurity Magazine?

1
Opinion

Why the Security Industry Should Pay Attention to the Cisco Whistleblower Case

2
News

Malicious Android App Makes Double Debut On Google Play

3
News

City of London Hit by One Million Cyber-Attacks Per Month

4
News

Astronaut Accused of Committing Cybercrime in Space

5
News

Over 50,000 UK SMEs Could Collapse Following Cyber-Attack

6
News

Over Half of Social Media Logins Are Fraudulent

1
News

New Threat Group Targets Middle East

2
News

One in Four Security Pros Would Steal Company Info to Bag Better Job

3
News

UK Gov Launches £30m 5G Competition

4
News

#OSSummit: Linux Continues to Pay the Price for CPU Hardware Vulnerabilities

5
News

Apple Fixes Jailbreak Bug For the Second Time

6
News

#OSSummit: Don’t Ignore GitHub Security Alerts

1
Webinar

Mastering the Security Art of Identity, Access & Authentication

2
Webinar

Security Frameworks: How to Spearhead Careers & Bolster Cyber Defenses

3
Webinar

Reducing Cyber Risks and Complexity Through Increased Visibility

4
Webinar

How SOAR Can Improve Security Operations, Monitoring & Incident Response

5
Webinar

DNS: From Security Risk to Defensive Asset

6
Webinar

Can You be Secure by Design, Compliant and Enable Optimum Functionality?

1
Blog

Security by Sector: Cyber-Attackers Targeting the Education System

2
Interview

Interview: Adnan Baykal, Global Cyber Alliance

3
News Feature

Webinar Report: How to Spearhead Careers & Bolster Cyber Defenses

4
Webinar

How SOAR Can Improve Security Operations, Monitoring & Incident Response

5
Opinion

#HowTo Gain Visibility of Third Parties

6
News

#Alevelresults: Cybersecurity Options Appear