iOS 12.4 Security Flaw Allows Unsigned Code Execution

iOS 12.4 reverts a security fix made in version 12.3, allowing unsigned code to be executed. Apple will fix this issue with the iOS 12.4.1 release.

Apple has been rushing to release iOS updates. These hasty updates have resulted in regressive defects. Apple engineers are reintroducing defects that were fixed in previous releases.

The iOS 12.4 release reintroduces a regressive security defect that was fixed in iOS 12.3. The defect allows execution of unsigned code. Basically, this means that every iOS device running iOS 12.4 is jailbroken. Users can download apps from third-party app stores, for now.

It’s not advisable to jailbreak your iOS device or download apps outside of the App Store. Third-party app stores may feature apps with malicious code. Their apps are not scrutinized for security issues and developers are allowed to implement features with poor security, which the App Store would reject.

For the most part, users download apps from the App Store. Most iOS users are unaware that third-party app stores, like Cydia, even exist.

It’s important to note that iOS 12.4 is not the only version affected by this security flaw. The bug affects all versions of iOS 11 and anything below iOS 12.3. If you’re on iOS 12.3, stick with it. If you already upgraded to iOS 12.4, it’s a good idea to install iOS 12.4.1 as soon as it’s released.

Not all iPhones are affected by this issue. If you have a new iPhone with an A12 processor, the defect does not affect you. These models include the iPhone XR, XS and XS Max. All other iOS devices are vulnerable to this flaw.

It’s important to note that this security flaw will likely not be exploited. It’s possible that a malicious website could fool you into installing unsigned code, but it’s not easy. Just make sure to only install apps from the App Store, and you should be safe. This flaw has been in iOS for over a year, and hasn’t caused problems. It’s still a good idea to install iOS 12.4.1 as soon as possible.

Leave a comment

Your email address will not be published.