The newest iOS update, iOS 12.4, has accidentally unpatched an old security flaw that it had previously addressed, researchers have found.
If your iPhone is running iOS 12.4 — and since it auto-updates, it likely is — then your device will be affected by this flaw. Although hacking an iPhone is no easy thing, this security risk makes it theoretically possible for a hacker to jailbreak an iPhone using a compromised app. Needless to say, Apple is hard at work fixing the issue with a further patch update.
We explain what the security issue is, and what steps Apple is taking to address it (again).
How the iOS Security Flaw Works
Motherboard reported on the flaw a few days ago, after it was identified by security researchers. It's the same flaw that a Google hacker had previously uncovered, and that was initially fixed with iOS 12.3.
This makes it more dangerous than a normal flaw, since bad actors will potentially have had more than 100 days to become aware of it.
“Due to 12.4 being the latest version of iOS currently available and the only one which Apple allows upgrading to, for the next couple of days (until 12.4.1 comes out), all devices of this version (or any 11.x and 12.x below 12.3) are jail breakable,” Jonathan Levin, a security researcher and trainer, told Motherboard.
The flaw allows iPhones to be jail-broken, which in turn makes the phones easier to hack remotely. Granted, it's still pretty tough to remotely hack a phone, but with this vulnerability, it's easier than it has been for a long time.
Sit tight, iOS users. Although the chances of anything going wrong are extraordinarily small, iPads and iPhones running iOS 12.4 are sitting ducks until the new update is out.
iOS 12.3 Has Further Flaws
So the solution seems simple, right? Just don't update your iPhone to iOS 12.4? Well, not so much. If you're sitting pretty on the earlier iOS 12.3, then that too has security issues.
In fact, the 12.4 update itself fixed five other security bugs that the 12.3 version had left open.
Whether you stay on the previous iteration of iOS or you upgrade to the new one, you remain theoretically at risk.
Essentially, there's no good move here other than taking a little time out of your day to meditate on the inevitable impossibility of remaining completely secure online in the modern era.
What You Can Do
There is one best practice that can help iOS users stay a little bit safer – don't download any new apps until you're safely using the iOS 12.4.1 update.
While it's unlikely, a rogue app could include a version of the jailbreak that takes advantage of the 12.4 security flaw. Hackers are very likely to be working out how to take advantage of this flaw, experts agree. As long as you don't download anything new, you'll minimize your risk.
As the experts always say, cybersecurity is a constant arms race. It looks like Apple just lost a round.
Read more of the latest tech news from Tech.co