This vulnerability does not affect the hardware running on the A12 chip system. iPhone X will be affected. However, the iPhone XR, iPhone XS and iPhone XS Max won’t be affected.
According to foreign media reports, Apple has been fighting to ensure the security of the iOS platform. However, the company has recently made an unforgivable mistake. According to our sources, during the migration upgrade to iOS 12.4, the old vulnerabilities that Apple had patched were cracked again. This makes it possible to run unsigned code on the iPhone running the latest version of iOS.
This may be a deliberate choice (typically jailbreak behavior) of a user who wishes to access an alternate app store or access a feature that is not normally available. However, it is more likely to be maliciously used. For instance, using a vulnerability in another app that allows code to run remotely on any of the latest iPhones.
Read also: Audi’s first electric car sales exceeded expectations and became Tesla’s strongest competitor
This is a huge mistake for Apple. It cannot be overemphasized. However, some restrictions need to be noted. First, the vulnerability will not affect the hardware running on the A12 chip system. iPhone X will be affected. Unfortunately, Apple has never published sales data for new phones. Therefore, it is unclear how many users are affected.
Additionally, users need to install IOS 12.4. However, this is the time when Apple’s ability to transfer its user base to the latest version of the mobile operating system is not helpful. Unfortunately, Apple removed iOS 12.2 and 12.3 from their servers and revoked their signatures. Therefore, there was no choice but to upgrade to iOS 12.4.
For those devices that are jailbroken to facilitate access to certain features, if they use Apple’s online services, there may be persistent problems. There is no doubt that this will result in repeated checks on the devices connected to them.
In the real world, let’s put together these puzzle pieces. Users can download an app from the Apple App Store that exploits this vulnerability to “escape” the iOS sandbox provided by the operating system.
Jonathan Levin, a security researcher and trainer specializing in iOS, said: “Since iOS 12.4 is the latest version of the iOS system currently available, it is also the only version that Apple is allowed to upgrade in the next few days (until 12.4) .1 release). All devices running this version of the system (or any version below 12.3) are hackable. This means that they are also vulnerable to exploits that have actually been exposed for more than 100 days.”
Given that Apple was notified of this vulnerability by Google’s Project Zero team more than 100 days ago, people who are not friendly to Apple’s user security system are likely to be aware of this issue and may exploit it quietly in the background.