At Komando.com, we regularly advise users to upgrade to the latest versions of their phone or tablet’s respective operating systems. Not only does this keep your device fresh with the latest features and options, but it also helps secure it from zero-day vulnerabilities, hacks and exploits.
That said, it’s not abnormal to run into bugs in the process. Sometimes, a security update will be urgently released before more serious bug testing can occur, leaving users with a system that’s safe, but prone to crashing, for example. Even in this case, the pros outweigh the cons in terms of updating. A safer system is a better system, after all.
But sometimes, new updates will have security flaws of their own. One of the most recent updates to Apple’s iOS accidentally rolled back a critical safeguard that prevents a device from having its operating system modified. Now, they’ve released another update to clean up the mess before hackers can take advantage of the threat. If you recently updated your iOS device, here’s what you need to know to get the latest patch and safeguard your device from harm.
A “broken” update?
Updated 08/28/2019: In response to the new vulnerability, Apple has released iOS 12.4.1. This patch removes the exploit that could allow a phone to be jailbroken. Apple is advising any and all iOS users to update to the latest version as soon as possible.
According to reporting from Vice, a number of prominent security researchers have found that the latest software update from Apple breaks a patch released in May that safeguarded iOS against a process known as Jailbreaking.
This occurs when an exploit is used to gain access to the “root” of the device’s operating system, which allows a user (or hacker) to tweak and change iOS, install unauthorized software and make modifications to the functions of the phone.
In response to this rollback of protections, security researcher and iPhone tweaker pwn20wned released a “jailbreak” package for users interested in customizing their devices. Installing this package, however, does put your phone at risk of malware or worse — since the normal safeguards that only allow Apple-approved software to install are removed by the jailbreak.
The reappearance of this exploit is highly unusual, as Apple is normally very determined to stamp out jailbreaking and unauthorized modifications to its devices in any form. The rollback of this critical security patch, it seems, may have been an oversight on the part of developers.
As of now, there’s no telling when a new update will be made available to backtrack the issue, so security experts are urging iOS users to take extreme caution when downloading apps from the App Store.
I hope people are aware that with a public jailbreak being available for the latest iOS 12.4 people must be very careful what Apps they download from the Apple AppStore. Any such app could have a copy of the jailbreak in it.
— Stefan Esser (@i0n1c) August 19, 2019
Why is this “jailbreak” exploit dangerous for me?
If a hacker or cybercriminal decided to bundle an app with malware that takes advantage of the exploit, there’d be no way for users to know.
This is the same method that forms of Android malware have used to infiltrate phones, and usually, Apple’s moderation keeps these sketchy apps in check. When the security issue is coming from the top down, however, protecting users becomes a far more dicey prospect.
This isn’t the first time that iOS has been “jailbroken” by hackers, either. In fact, the process was extremely common during the early days of iOS, when features were more limited and devices less secure.
Several well-loved features like deleting pre-installed apps, screen recording and icon folders were all custom jailbreak tweaks before Apple made them official, so the process isn’t inherently bad or dangerous.
What jailbreaking does do, however, is allow your device to accept and install software that it wouldn’t be able to normally.
As mentioned above, if a hacker was intent on compromising your phone, all they’d need to do is tweak an App Store app to exploit the vulnerability, remotely jailbreak your device and install malware without your permission. Whether or not that’s worth some custom icons or themes is up to the user to decide.
To keep yourself safe, all you’ll need to do is download the latest security update from Apple. To access it, simply open your device and navigate to Settings, then General, followed by Software Update. When the update is finished loading, tap Download and Install to continue. Just make sure to back up your personal data prior to updating.
In light of this oversight, though, you shouldn’t avoid keeping your phone up to date in the future. While glitchy updates may be released on occasion, the benefits of having the latest security updates are almost always worth the potential drawbacks.