Author Topic: Apple Releases iOS 12.4.1 to Patch Security Flaw Behind Jailbreak  (Read 182 times)

Online javajolt

  • Administrator
  • Hero Member
  • *****
  • Posts: 35127
  • Gender: Male
  • I Do Windows
    • windows10newsinfo.com
Apple released iOS 12.4.1 today to fix a security flaw reintroduced with the release of iOS 12.4 and used by security researcher Pwn20wnd to develop and release a jailbreak tool for up-to-date iOS devices.

The vulnerability patched today by Apple is a use after free tracked as CVE-2019-8605 targeted by the Sock Puppet exploit that was used to create jailbreak tools for iOS devices.

The flaw was discovered by Google Project Zero's Ned Williamson, was previously patched by Apple with the iOS 12.3 release from May 13, and was now re-patched in iOS 12.4.1.

Apple recognizes the jailbreak developer's contribution

As Apple's support document describing the security content of iOS 12.4.1 says, the flaw could have been abused by malicious applications which then could have been "able to execute arbitrary code with system privileges."

The use after free security issue was addressed by Apple with the introduction of improved memory management thus blocking the access of maliciously crafter apps to pointers that have already been freed.



Apple acknowledged Google Project Zero's Ned Williamson contribution in finding and fixing this security issue and provided additional recognition for Pwn20wnd's assistance.

Besides allowing jailbreak developers to add support for Apple's latest iOS versions, the flaw fixed today by Apple is also a critical vulnerability that can open the doors to attackers targeting the company's large iOS user base.



Security researcher Stefan Esser also warned iOS users that once iOS 12.4 was exploitable by iOS jailbreak developers, anyone else could also do it as well, with malicious iOS apps released through Apple's App Store also possibly taking advantage of the bug.

While this was a huge blunder from Apple's team, this security update showed that the company can also respond very quickly to severe threats exposing its users to potentially highly damaging attacks.

source