Apple issues a quick fix for a fix that was unfixed
Apple pushed out a software update today to repair a problem that it had previously patched — and then somehow unpatched. Update 12.4.1 introduces a fix for a vulnerability in which, according to Apple, “a malicious application may be able to execute arbitrary code with system privileges” — a fix that was originally introduced back in May, and removed in June.
Here’s what happened: The patch was originally issued on May 13th via iOS 12.3 to safeguard Apple mobile devices (iPhone 5S and later, iPad Air and later, and the sixth-generation iPod touch) from a vulnerability which could open them to jailbreaking. All good — until a new update, iOS 12.4, inadvertently undid the patch and once again made the devices susceptible to the attack, making it necessary to quickly issue this supplemental update.
On the support page announcing the new update, Apple adds, “We would like to acknowledge @Pwn20wnd for their assistance.” There are no acknowledgements for the team that accidentally removed the original fix — or that probably had to work around the clock to make things right.
Other supplemental updates sent though today include watchOS 5.3.1, tvOS 12.4.1, and macOS 10.14.6.