Apple released an emergency patch to address CVE-2019-8605 iOS flaw

Apple has released an emergency patch in iOS 12.4.1 that addresses the CVE-2019-8605 use-after-free vulnerability that allowed iPhone jailbreak.

Recently, Apple accidentally unpatched a vulnerability it had already fixed, making current versions of iOS vulnerable to hackers and allowing the jailbreak of the devices.

Experts discovered that the iOS version 12.4 released in June has reintroduced a security flaw found by a Google Project Zero white hat hacker that was previously fixed in iOS 12.3.

A public Jailbreak for iPhones in was published by the Pwn20wnd hacker, it works with the latest version of the iOS mobile operating system. Google Project Zero expert Ned Williamson confirmed that the jailbreak worked on his iPhone.

The flaw potentially exposed iPhone devices running 12.4 version and older iOS versions (any 11.x and 12.x below 12.3) to the risk of a hack until the 12.4.1will be released.

Now Apple has released an emergency patch to address the CVE-2019-8605 kernel issue, the fix is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation.

“A malicious application may be able to execute arbitrary code with system privileges,” reads the advisory published by Apple. “A use after free issue was addressed with improved memory management.”

The vulnerability was initially reported by Google Project Zero white hacker Ned Williamson, who also published an exploit for iOS 12.2, dubbed “SockPuppet,” after the first patch was released.

The expert Pwn20wnd confirmed that the emergency patch released by apple definitively addressed the CVE-2019-8605 vulnerability.

Apple has also released security updates to address the kernel issue in macOS Mojave and tvOS.

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase