Recently, Apple accidentally unpatched a vulnerability it had already fixed, making current versions of iOS vulnerable to hackers and allowing the jailbreak of the devices.
Experts discovered that the iOS version 12.4 released in June has reintroduced a security flaw found by a Google Project Zero white hat hacker that was previously fixed in iOS 12.3.
A public Jailbreak for iPhones in was published by the Pwn20wnd hacker, it works with the latest version of the iOS mobile operating system. Google Project Zero expert Ned Williamson confirmed that the jailbreak worked on his iPhone.
The flaw potentially exposed iPhone devices running 12.4 version and older iOS versions (any 11.x and 12.x below 12.3) to the risk of a hack until the 12.4.1will be released.
Now Apple has released an emergency patch to address the CVE-2019-8605 kernel issue, the fix is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation.
“A malicious application may be able to execute arbitrary code with system privileges,” reads the advisory published by Apple. “A use after free issue was addressed with improved memory management.”
The vulnerability was initially reported by Google Project Zero white hacker Ned Williamson, who also published an exploit for iOS 12.2, dubbed “SockPuppet,” after the first patch was released.
The expert Pwn20wnd confirmed that the emergency patch released by apple definitively addressed the CVE-2019-8605 vulnerability.
Apple has also released security updates to address the kernel issue in macOS Mojave and tvOS.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – CVE-2019-8605, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
This website uses cookies.