Skip to main content

Apple Releases iOS 12.4.1, Fixing Major Security Bug

Two iPhones.
(Image credit: Tom's Guide)

Apple made up for last week's embarrassing mistake by pushing out an emergency patch for iOS today (Aug. 26). The update closes a hole that the company unintentionally re-opened with iOS 12.4.

The new version, iOS 12.4.1, fixes a flaw found by Google Project Zero's Ned Williamson that let a "malicious application ... execute arbitrary code with system privileges." But the 12.4.1 update also appears to negate the "unc0ver" jailbreak created by pseudonymous Apple hacker Pwn20wnd and released a week ago.

"We would like to acknowledge @Pwn20wnd for their assistance," Apple said in its release notes for iOS 12.4.1

For his or her part, Pwn20wnd tweeted, "iOS 12.4.1 is OUT. Do *NOT* upgrade to it," followed a short time later by "I can confirm the exploit was patched in iOS 12.4.1 - - Stay on iOS 12.4!"

Of course, upgrading to iOS 12.4.1 is precisely what you should do if you don't want to jailbreak your iPhone or iPad. Jailbreaking is fun because you can tweak your iDevice's software and install unauthorized apps, but it also leaves your iPhone or iPad vulnerable to malware. Even browsing to a specially crafted website could be enough to compromise your iDevice.

Every iOS upgrade patches some new security flaws. But in this case, 12.4 reversed one patch that had been issued with 12.3, which Pwn20wnd found. That meant that iOS 12.3 was protected, while 12.4 was not. 

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.