Apple issues emergency patch for iOS and macOS (CVE-2019-8605)

Apple security updates for iOS 12.4.1, macOS Mojave 10.14.6

Apple released security updates and emergency patch for iOS and macOS (CVE-2019-8605). In all, the company released iOS 12.4.1, macOS Mohave 10.14.6, watchOS 5.3.1 and tvOS 12.4.1.

The latest Apple iOS 12.4.1 update fixes just one “use after free” vulnerability CVE-2019-8605 in the Kernel component. To add, a malicious application could execute arbitrary code with system privileges.

Ned Williamson with Google Project Zero discovered the vulnerability. He also noted that Apple previously fixed the issue in iOS 12.3, but broke the update with iOS 12.4.

“In an interesting twist of events, this has been fixed again in iOS 12.4.1 after being accidentally reintroduced into iOS 12.4,” Williamson added in a blog post.

Before the recent 12.4.1 update, hackers quickly took advantage by publicly releasing a jailbreak for Apple phones running iOS 12.4. According to one blog post, this was the “first free public jailbreak for a fully updated iPhone” in years.

Apple also released the macOS Mojave 10.14.6 and tvOS 12.4.1. These updates also address the same CVE-2019-8605 found in iOS 12.4.

Finally, Apple released watchOS 5.3.1, but has no published vulnerabilities included in the update.