iPhone users alerted to major security problem with latest iOS update

Issue could affect millions of iPads and phones

Andrew Griffin
Tuesday 20 August 2019 10:48 BST
Comments
Phil Schiller, senior vice president of worldwide marketing at Apple Inc., speaks at an Apple event at the Steve Jobs Theater at Apple Park on September 12, 2018 in Cupertino, California
Phil Schiller, senior vice president of worldwide marketing at Apple Inc., speaks at an Apple event at the Steve Jobs Theater at Apple Park on September 12, 2018 in Cupertino, California (Justin Sullivan/Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Apple accidentally opened back up a security bug that it had previously fixed, according to security researchers.

The issue means that the latest version of the iPhone software, iOS 12.4, is insecure and hackers could find their way into people's phones, experts claim.

Since iPhones now update themselves, most that are actively used will have tried to update themselves to the latest software. As such, users are recommended to check whether their phone has upgraded to iOS 12.4 already.

Some experts have suggested that it is best to stop a phone from upgrading to the latest software if it has not done already. But iOS 12.4 also fixed a host of security errors, as well as opening up the newly reported one, meaning that users will be at risk either way.

If phones have already updated, it is not possible to downgrade. Any user with iOS 12.4 should therefore be especially vigilant about clicking on unknown links or which apps they download.

When iOS 12.3 was released, it came with a variety of bug fixes. That included a fix for a problem that had been found by Google researchers and was patched up by Apple.

But the release of iOS 12.4, in July, that fix was taken back out, according to a report from Motherboard.

It means that any iPhone that has been updated to the latest software – as advised by security experts – is vulnerable. iPhones and iPads using software older than iOS 12.3 could also be attacked.

Code that makes use of the vulnerability is being passed around publicly on the internet, allowing anyone attempting to hack the phones able to do so relatively easily.

The issue could allow developers of malicious apps to break into secure parts of the phone. That could be easier because the bug has been known about for so long, meaning that hackers and other attackers could already have developed ways to get use the security bug.

In the past, such attacks have been built into websites, meaning that users only need to be lured onto a specific page for their phone to be compromised.

It also means that it is possible to jailbreak the software, allowing people to get around Apple's restrictions on the software. iPhone users have said that those jailbreaks do work.

Apple is yet to comment on the security issue, and no new update has yet been made available.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in