The unforgivable mistake of Apple threatens millions of iPad and iPhone users



[ad_1]

<div _ngcontent-c15 = "" innerhtml = "

Apple is in an ongoing struggle to keep the iOS platform secure, and he made a mistake who blew open the entire platform. This weekend, it was revealed that Apple had been neglected and that an old vulnerability on which a fix had been applied had been fixed since switching to iOS 12.4. it is possible that an iPhone running the latest version of iOS will execute unsigned code.

This could be an intentional choice of users wishing to access other application stores or unexposed features (classic jailbreak), but it is more likely that it will be used for malicious purposes, for example. to use a bug in another application that allows remote code execution on any iPhone update.

People cross the street under a billboard advertising the Apple iPhone X on August 15, 2018 in Istanbul, Turkey (photo by Chris McGrath / Getty Images)

Getty

It can not be overemphasized that this is a serious mistake on the part of Apple. & Nbsp; That said, there are some limitations to note. First of all, the vulnerability does not affect the hardware running on the system A12 on chip, it is the iPhone X that will be impacted, but not the iPhone XR, XS or XS Max. Unfortunately, Apple has never released sales figures for new phones. The number of users protected by the evolution of the material is not known.

You must also have iOS 12.4 installed. This is a time when Apple's ability to move from the user base to the latest version of the mobile operating system is not useful (although it is when deploying the supposed iOS 12.4.1 patch) appointed). Unfortunately, Apple removed iOS 12.2 and 12.3 from its servers and revoked their signatures; there is no choice but to upgrade to version 12.4.

And for those who jailbreak their devices for their own use, they may have persistent problems if they use Apple's online services, which will probably double-check the devices that connect them.

The advertisement is displayed on a gigantic canvas for the iPhone X at the Louvre on February 02, 2018 in Paris, France (photo by John van Hasselt / Corbis via Getty Images)

Getty

In reality, let's add together these pieces of the puzzle … you can download an app from the App Store that exploits this exploit to "escape" the iOS sandbox that an application is provided by the system. ; operating. & Nbsp;Lorenzo Franceschi-Bicchierai reports:

"Due to the fact that 12.4 is the latest version of iOS currently available and that Apple is the only one to allow the upgrade to the next few days (until the release of 12.4.1), all devices in this release (or any .x version below 12.3) are reprehensible, which means they are also vulnerable to an exploit of more than 100 days, "said Jonathan Levin, a security researcher and trainer specializing in iOS, by mentioning that this vulnerability can be exploited. with the code that was found more than 100 days ago.

Since Apple had been informed of this bug more than 100 days ago by Google's Project Zero team, it is likely that elements that are not conducive to the ethics of the security of Apple users are aware of the problem and may possibly use it discreetly in the background. In the meantime, if you are using iOS 12.3, do not upgrade to version 12.4 to stay protected in the next few days.

Apple's public relations team has been contacted for comment. Presumably, the development team is working quickly to deploy iOS 12.4.1, which will reapply the patch application, now that the horse is gone.

Read now how a physical problem threatens countless MacBook Pro …

">

Apple continues to fight to secure the iOS platform and made an error that caused the opening of the entire platform. This weekend, it was revealed that Apple had been neglected and that an old vulnerability that had been fixed had been corrected when switching to iOS 12.4, so it is possible for an iPhone running the very latest iOS version to run unsigned code.

This could be a deliberate choice of users wishing to access other application stores or unexposed features (classic jailbreak), but it is more likely to be used maliciously, for example using a bug in another application that allows remote code execution. on any iPhone update.

People cross the street under a billboard advertising the Apple iPhone X on August 15, 2018 in Istanbul, Turkey (photo by Chris McGrath / Getty Images)

Getty

It can not be overemphasized that it is a serious error Apple. That said, there are some limitations to note. First of all, the vulnerability does not affect the hardware running on the system A12 on chip, it is the iPhone X that will be impacted, but not the iPhone XR, XS or XS Max. Unfortunately, Apple has never released sales figures for new phones. The number of users protected by the evolution of the material is not known.

You must also have iOS 12.4 installed. This is a time when Apple's ability to move from the user base to the latest version of the mobile operating system is not useful (although it is when deploying the supposed iOS 12.4.1 patch) appointed). Unfortunately, Apple removed iOS 12.2 and 12.3 from its servers and revoked their signatures; there is no choice but to upgrade to version 12.4.

And for those who jailbreak their devices for their own use, they may have persistent problems if they use Apple's online services, which will probably double-check the devices that connect them.

The advertisement is displayed on a gigantic canvas for the iPhone X at the Louvre on February 02, 2018 in Paris, France (photo by John van Hasselt / Corbis via Getty Images)

Getty

In the real world, let's add these puzzle pieces … you can download an application from the App Store that exploits this exploit to "escape" the iOS sandbox given by the operating system to an application. Lorenzo Franceschi-Bicchierai reports:

"Due to the fact that 12.4 is the latest version of iOS currently available and Apple is the only one to allow the upgrade to the next few days (until the release of version 12.4.1), all this version (or any version 11.x and 12x below 12.3) is reprehensible, which means that they are also vulnerable to an exploit of more than 100 days, "said Jonathan Levin, researcher in security and trainer specializing in iOS, evoking the fact that this vulnerability can be exploited. with the code that was found more than 100 days ago.

The Google Project Zero team having informed Apple of the existence of this bug more than 100 days ago, there is probably a good chance that elements that are not compliant with the security ethic Apple users are aware of the problem and can possibly use it in the background. In the meantime, if you are using iOS 12.3, do not upgrade to version 12.4 to stay protected in the next few days.

Apple's public relations team has been contacted for comment. Presumably, the development team is working quickly to deploy iOS 12.4.1, which will reapply the patch application, now that the horse is gone.

Read now how a physical problem threatens countless MacBook Pro …

[ad_2]

Source link