Skip to main content

Apple patches previously-fixed security bug that allowed iOS 12.4 jailbreak

Apple has fixed a security flaw for a second time after it accidentally reintroduced an old bug in a recent software update.

iOS 12.4.1, released Monday, contains a security fix that was first patched months earlier in iOS 12.3. Apple rolled out a fix in May, but accidentally undid the security patch in its latest update, iOS 12.4, in July.

In a brief security advisory published after the software’s release, Apple said it fixed a kernel vulnerability that could have allowed an attacker to execute code on an iPhone or iPad with the highest level of privileges.

Those privileges, also known as system or root privileges, can open up a device to running apps that are not normally allowed by Apple’s strict rules. Known as jailbreaking, apps can access parts of a device that are normally off-limits. On one hand that allows users to extensively customize their devices, but it can also expose the device to malicious software, like malware or spyware apps .

Spyware apps often rely on undisclosed jailbreaks exploits to get access to a user’s messages, track their location, and listen to their calls without their knowledge. Nation states are known to hire mobile spyware makers to remotely install malware on the devices of activists, dissidents, and journalists. Washington Post journalist Jamal Khashoggi, who was murdered by agents of the Saudi regime, is believed to have been targeted by mobile spyware, according to reports. The company accused of supplying the spyware, Israel-based NSO Group, has denied any involvement.

Apple confirmed the fix in its iOS 12.4.1 security notes, which included a short acknowledgement to Pwn20wnd, the team which confirmed last week that its jailbreak was working again.



from Apple – TechCrunch https://ift.tt/31YyKGu

Comments

Popular posts from this blog

Thousands of cryptocurrency projects are already dead

Two sites that are actively cataloging failed crypto projects, Coinopsy and DeadCoins , have found that over a 1,000 projects have failed so far in 2018. The projects range from true abandonware to outright scams and include BRIG , a scam by two “brothers,” Jack and Jay Brig, and Titanium , a project that ended in an SEC investigation. Obviously any new set of institutions must create their own sets of rules and that is exactly what is happening in the blockchain world. But when faced with the potential for massive token fundraising, bigger problems arise. While everyone expects startups to fail, the sheer amount of cash flooding these projects is a big problem. When a startup has too much fuel too quickly the resulting conflagration ends up consuming both the company and the founders and there is little help for the investors. These conflagrations happen everywhere are a global phenomenon. Scam and dead ICOs raised $1 billion in 2017 with 297 questionable startups in the mix. The

Dance launches its e-bike subscription service in Berlin

German startup Dance is launching its subscription service in its hometown Berlin. For a flat monthly fee of €79 (around $93 at today’s exchange rate), users will get a custom-designed electric bike as well as access to an on-demand repair and maintenance service. Founded by the former founders of SoundCloud and Jimdo , the company managed to raise some significant funding before launching its service. BlueYard led the startup’s seed round while HV Capital (formerly known as HV Holtzbrinck Ventures) led Dance’s €15 million Series A round, which represented $17.7 million at the time. E-bike subscription service Dance closes $17.7M Series A, led by HV Holtzbrinck Ventures The reason why Dance needed so much capital is that the company has designed its own e-bike internally. Called the Dance One, it features an aluminum frame and weighs around 22kg (48.5lb). It has a single speed and it relies on its electric motor to help you go from 0 to 25kmph. And the best part is that you