An Apple’s Core Gone Rotten: Apple’s New Major Security Bug

apple security bug iPhone

Does anyone remember jailbreaking? You know, “hacking” your iPhone to enable the download of unapproved, unvetted software? Jailbreaking was the best way to customize your iPhone.

Of course, you can still jailbreak your iPhones and iPads, but it’s not as relevant as it was back in 2011-2013. Plus, Apple has improved security-wise, meaning jailbreaking has become more and more difficult with very iOS update. Until now.

With the latest iOS update, iOS 12.4, jailbreaking is now as easy as ever, but there’s a catch. That catch? Security.

A Recurring Issue

The funny thing about this bug is that Apple has issued a fix for it in the past, when Google’s Zero Day Team—the same ones from the Microsoft mishap—pointed out the flaw, prompting Apple to fix it in iOS 12.3.

However, it seems that this work was for naught, as one major update later, Apple has reintroduced the issue to their devices. And while some may jump for joy that customizing their iPhones will be easier than ever now, there is a major security risk involved here. Jailbreaking counts on system vulnerabilities and this is no different.

Malicious Execution

iOS 12.4 introduced ta flaw in the code of Apple’s devices that allow hackers to break into someone’s device by using malicious software to install malware/ransomware/loggers/etc.

In fact, users have already gone out of their way to show off this vulnerability, dubbed SockPuppet. One video shows someone jailbreaking a phone in less than 4 minutes, meaning your iPhone could be hacked in less time than it takes for you put contacts in.

How the flaw works is that any code the hacker installs onto the targeted device can be run with system(admin) privileges, AKA full access to the root of the system. Any file, any software, anything.

Now, it’s clear that Apple messed up somewhere on this update, but the blame can be put on quality control, which is strange, considering Apple is known for their quality control above all else. Well, they can’t all be winners, right?

You might be asking how this exploit was found, and the answer is GitHub. Yes, a user on GitHub shared the exploit around the site, letting the whole world know that Apple’s devices were, in fact, exposed. I’m betting that Apple isn’t very happy right now.

Internet Hacking - Netspionage

Past Mistakes

Apple has a strange relationship with bugs and security patches. Does anyone remember that one bug that let you crash your friend’s phone by sending a specific symbol? The Telugu symbol that overloaded your friend’s iPhone? Good times.

Oh! How about when iOS 11 got rid of the letter “I” from people’s phones? Man was I glad to be with Android during that whole debacle!

But the strangest of all bugs is when charging your Apple Pencil would remove your ability to unlock your car. Now, I can’t pin that entirely on Apple since wireless charging has always carried the capability of messing with other wireless communications, but I find it funny nonetheless.

What is the point of me explaining all this? I think Apple—when they mess up—do it in the most spectacular fashion. Nothing but love for the company, but man is it fun to read about.

This whole jailbreaking bug though will be fixed soon anyways. If Apple cares about one thing, it’s keeping a tight lid on user customizability, AKA no customizing, which jailbreaking allows. Also the whole, you know, security vulnerabilities thing. That’s also pretty important, but only a little bit. Apple’s mistreatment of VPNs for iOS make me think security isn’t their number one priority, so I think customizability is their main rival.

For real though, the fact that a once-patched bug has risen from the dead in order to haunt Apple is funny in the worst way possible, and I sincerely hope they fix it soon. In the meantime, I’ll be testing this jailbreaking thing out myself and seeing what I am capable of changing on my iPad.

Even More Stories You May Like (courtesy of Google)

Comments are closed.