Apple began distributing a new version of its iOS 12 mobile operating system that solves a vulnerability detected by Google’s Project Zero experts and that allowed to execute malicious code and gain permission from the device.
The new version, which has been called iOS 12.4.1, does not include major modifications to the operation of the operating system, and is distributed as of Monday as an official update. Apple thanked on its support page the contribution of researcher Ned Williamson of Project Zero and user Pwn20wnd in discovering the problem.
The vulnerability, known as CVE-2019-8605, allowed an operating system gap to be exploited with which it was possible for an attacker to execute code arbitrarily and access system privileges. The new version of iOS 12.4.1 patches this security flaw.
The “exploit” that took advantage of this gap was published by hackers on the network on August 19, as Pwn20wnd discovered, and it was a “jailbreak” – the process of removing some of the limitations imposed by Apple on its systems – that It could work as a spyware malware and that although it had been fixed in the previous version (12.3), it reappeared again in iOS 12.4, as Motherboard collects.
The iOS 12.4.1 update is now available for iPhone 5s and later phones, iPad Air and later tablets, and the sixth generation iPod Touch. Apple has also distributed the updates tvOS 12.4.1, watchOS 5.3.1 and a complementary version of macOS Mojave 10.14.6 that solves the problem in the rest of its own systems.