Tuesday September 17, 2019

Apple ‘Bug’ Puts iPhones with Latest iOS to Hacking Risk

The announcement was made by Ivan Krstic, Head of security engineering and architecture at Apple, during the annual Black Hat security conference in Las Vegas

A customer is entering the Apple store in Fairfax, Virginia. VOA

Apple has reportedly unpatched a bug in the latest iOS update 12.4 that it had fixed in the earlier iOS 12.3 update, leaving its most up-to-date iPhones vulnerable to hacking.

According to Motherboard, security researchers have already exploited the vulnerability in iOS 12.4 and released a public “jailbreak” on the open-source software development platform GitHub, the first free public jailbreak for a fully updated iPhone to be released in years.

As a result of the mistake, all iPhones running iOS 12.4 can now be jailbroken and several iPhone users have already tweeted that they are successfully running the “jailbreak”.

Jailbreaking an iPhone lets people customize their iOS devices and run unsupported apps.

Apple never allows unsupported apps on its iOS platform, which makes its devices extra secure.

The Cupertino-based tech giant was yet to respond to this.

Apple had fixed this flaw, found by a Google hacker, in the earlier iOS 12.3 version.

iPhones on display at an Apple store in Virginia, USA, April 4, 2016. VOA

“Due to 12.4 being the latest version of iOS currently available and the only one which Apple allows upgrading to, for the next couple of days (till 12.4.1 comes out), all devices of this version are jail breakable and vulnerable to what is effectively a 100+ day exploit,” Jonathan Levin, a security researcher, was quoted as saying.

A security researcher who goes by the name of “Pwn20wnd” has published a jailbreak for iOS 12.4.

“The exploits for the iPhone can sell for millions of dollars, which means that no one has been willing to release jailbreak code publicly because Apple will quickly patch it,” said the report.


Security experts have warned users to be careful about what apps they download with this jailbreak.

Apple recently announced that it would pay up to $1 million to security researchers for finding flaws and vulnerabilities as part of its bug bounty programme.

The announcement was made by Ivan Krstic, Head of security engineering and architecture at Apple, during the annual Black Hat security conference in Las Vegas. (IANS)


Indian Techie Discovers a Bug in Uber, Bags Rs 4.6 Lakh Reward

He has also participated in bug bounties for GitHub, Nokia, Soundcloud, Dropbox and PayPal in the past

Photo shows an exterior view of the headquarters of Uber in San Francisco. (VOA)

Ride-hailing giant Uber recently fixed a hacking bug, found by Bengaluru-based cybersecurity researcher Anand Prakash, which allowed hackers to log into anyone’s Uber account, and paid him $6,500 (nearly Rs 4.6 lakh) as a reward.

The bug was an account takeover vulnerability on Uber that allowed attackers to take over any other user’s Uber account, including those of partners and Uber Eats users, inc42 reported.

As per the media report, the bug was present in the API request function of the Uber app.

According to Uber, the bug was immediately fixed through the company’s bug bounty programme. It also said that over $2 million was paid to more than 600 researchers around the world, including Indian researchers.

Prakash had earlier removed a bug in Uber that anyone could have taken advantage of to travel for free for a lifetime in an Uber cab.

He started his career as a security engineer at Flipkart in 2014.


In 2016, he founded AppSecure, a cyber security startup.

Prakash has been featured in Forbes’ “30 under 30 Asia” list.

In 2015, Facebook awarded him $15,000 as bounty for logging in without an account.

A graduate in computer science from Vellore Institute of Technology, Chennai, he also received $5,000 from Uber for booking a free ride and $4,700 from Tinder.


Prakash has worked with the Bengaluru-based foodtech startup Freshmenu to make their platform secure.

He has also participated in bug bounties for GitHub, Nokia, Soundcloud, Dropbox and PayPal in the past. (IANS)