Brown’s Bytes – Groundhog Day

Welcome to Brown’s Bytes! Your weekly insight from Mobliciti’s CTO Andy Brown. Follow #brownsbytes

23rd August 2019

Those of you who are regular readers may remember that my last Byte before going on my holidays was about the need to urgently patch iOS devices to 12.4, as there were significant vulnerabilities in the prior release of iOS.

Upon my return to the office this week I had a significant déjà vu moment with news coming out that 12.4 has a significant security flaw… it was almost like I hadn’t had a break!!

I suspect that some of you will probably be getting bored of me banging on about these things, but this particular one is worthy of a look for a simple reason…

It’s a Zombie Vulnerability!

Yup – the vulnerability, SockPuppet if you want to look into it further, is actually one that was originally fixed in iOS 12.3! To give some idea of the timeline:

19/03/2019 – Bug Reported (with 90-day disclosure deadline)
13/05/2019 – iOS 12.3 released
24/05/2019 – iOS 12.3.1 released
10/06/2019 – iOS 12.3.2 released
22/07/2019 – iOS 12.4 released

This is pretty embarrassing, but let’s be fair to Apple… they are far from the first and definitely won’t be the last to have issues keeping source code up to date across various workstreams.

So, what does this mean?

Well, all devices running 12.4 (which is pretty much all iOS devices that are able to) can now be jailbroken easily for the first time in years.

Oh, and this vulnerability could result in an app breaking out of its sandbox and behaving as malware. In reality, this is fairly unlikely if users stick to the Apple App Store for apps, but not impossible… there will be threats targeting this for sure. There are also rumours of web page attacks, but rumours are all we’ve seen to date.

As an Enterprise Admin, you need to be extra wary of jailbreaks for the first time in ages and keep an eye on what apps are on devices – anything unusual should urgently be investigated.

And it is now inevitable that iOS 12.4.1 will be released pretty soon.

What this does is underline, once again, that putting data on unprotected iOS devices is not without its risks – I will finish with a quote from my last Byte:

“Oh, and if you still think you don’t need Mobile Threat Defence then I’m sorry, but you’ve got your head in the sand…”

Get in touch to understand how to get Mobile Threat Defence solutions put in place – this is a risk that now needs to be managed better than just hoping you don’t have an issue and waiting for Apple to patch it.