The iOS 12.4.1 update is now rolling out for iPhones, and this is a fairly important update in many ways. The update fixes and patches up the vulnerability that Apple had inadvertently reintroduced with the iOS 12.4 update which allowed an attacker to execute a code on any iPhone or iPad, with the highest level of privileges. The update is now available for iPhone 5s and later, iPad Air and later and the iPod Touch 6th generation. It is also expected that this will be the last big update for iOS 12, before the iOS 13 and its massive upgrades roll out sometime next month.
Apple had accidentally undone the patching for this issue with the previous iOS 12.4 update—this was earlier patched in an iOS update in May. The rather brief security advisory reads the impact as “A malicious application may be able to execute arbitrary code with system privileges”.
But what exactly are these privileges and why were they such a big deal?
On an iPhone or iPad running iOS, there is something known as system privileges or root privileges. This gives the user, who may have these privileges, to run apps or code while interacting directly with the basic code of the iOS operating system. This is also known as Jailbreaking—you must have often heard the phrase “jailbreak an iPhone”. This is to allow apps to run that are not otherwise allowed by Apple, and with more access to iOS than Apple usually allow for the sake of data privacy and data security. Jailbreaking does offer the extended flexibility that many users point at Android and claim it does better, but this also opens up the iPhone or iPad to the risk of malware, spyware and data breaches that a user may or may not realize.
If you happen to have a malware or spyware laden app installed on the Jailbroken iPhone, you may be giving access to the app (and subsequently a hacker) access to your messages, contacts, files stored in the phone, the ability to track your location, keylogging (this is bad news if you are using internet banking, for instance) and even listen in on your calls.
You can update your iPhone or iPad with the iOS 12.4.1 update by heading to Settings -> General -> Software Update to download and install this update. While this update isn’t expected to make any changes to the apps and files already loaded in your iPhone, it would be best if you do make an iCloud backup beforehand.
Incidentally, Apple has also fixed a similar vulnerability in the macOS 10.14.6 Supplemental Update now rolling out for all Mac devices.