Apple has fixed a security defect after it accidentally reintroduced an old bug in a recent software update.
Released Monday, iOS 12.4.1 includes a security improvement that was first patched months earlier in IOS version12.3. Apple has given in in May, but by accident released the security patch in its latest update, iOS 12.4, in July.
In a brief security advisory announced after the software’s release, Apple told it fixed a kernel vulnerability that might have provided an attacker to execute code on an iPhone or iPad with the highest level of privileges.
These privileges, also called system or root privileges, can open up a device to running apps that aren’t usually supported by Apple’s strict rules. Known as jailbreaking, apps can use entry parts of a tool that are generally off-limits. On the one hand, that will enable users to customize their devices extensively; however, it can additionally expose the device to malicious software, like malware or spyware apps.
Spyware apps often depend on undisclosed jailbreak exploits to get access to a user’s messages, track their location, and listen to their calls without their information. Nation-states are known to hire mobile spyware makers to remotely install malware viruses on the devices of activists, dissidents, and journalists. Washington Post journalist Jamal Khashoggi, who was the victim of murder by agents of the Saudi regime, is assumed to have been targeted by mobile spyware, according to reports. The company blamed of providing the spyware, Israel-based NSO Group, has rejected any obligation.
Apple approved it pushed out a fix in its safety notes, which included a short acknowledgment to Pwn20wnd, the staff that confirmed last week that its jailbreak was working again.
The same kernel vulnerability was fixed in a supplemental update for macOS 10.14.6.