Apple accidentally reopens security flaw in latest iOS version

From theguardian.com

Apple logo

Apple users are being warned to exercise particular caution over their cybersecurity for the next few days, after the company mistakenly reopened a security flaw in the latest version of iOS.

In iOS 12.4, released last month, Apple fixed a number of security bugs, as well as enabling support for the Apple Card in the US. But in doing so, the company accidentally reversed a security fix it had previously patched in iOS 12.3 at the end of April.

That vulnerability, discovered by Google’s bug-hunting team Project Zero, theoretically allows “a malicious application … to execute arbitrary code with system privileges”. In other words, if exploited, a malicious application can gain complete control over an iPhone – a dream for hackers and spies the world over.

Read more…