If at first you don’t succeed, try try again…
The latest major version of Apple’s iOS operating system for iPhones and iPads has had a troubled birth, as evidenced by the rapid release of bug fix after bug fix…
September 19 – Apple releases iOS 13
September 24 – Apple releases iOS 13.1
September 27 – Apple releases iOS 13.1.1
September 30 – Apple releases iOS 13.1.2
Yup, there’s a new update to iOS. But don’t expect it to have resolved the worrying Checkm8 exploit one hacker found in the iPhone’s secure ROM.
Monday night. Time for another iOS update as we haven't had one for a few days now.. pic.twitter.com/WGeJHbSJF4
— Graham Cluley (@gcluley) September 30, 2019
When you update your iDevice you’ll be shown brief details of what bugs the update is intended to fix:
- Fixes a bug where the progress bar for iCloud Backup could continue to show after a successful backup
- Fixes an issue where Camera may not work
- Addresses an issue where the flashlight may not activate
- Fixes a bug that could result in a loss of display calibration data
- Fixes an issue where shortcuts could not be run from HomePod
- Addresses an issue where Bluetooth may disconnect on certain vehicles
You’re also told that “information on the security content of Apple software updates” can be found at https://support.appIe.com/kb/HT201222, but at the time of writing only details on the security content of the previous update (iOS 13.1.1) are available.
Sometimes Apple’s security notes can be lacking detail for up to a week after an update’s release which even the biggest fanboy would find hard to describe as acceptable.
However, I can say with a high level of confidence that this iOS update does not fix the Checkm8 iPhone boot ROM exploit revealed at the end of last week.
The Checkm8 exploit allows anyone which physical access to your iPhone to jailbreak it within seconds, by taking advantage of a vulnerability in the iPhone’s secure boot ROM – a hardware area of the phone which cannot be changed through a software update.
Axi0mX, the developer of the exploit, gave an interesting interview with Ars Technica about what Checkm8 can and cannot do.
Perhaps the most important news for the most rabid Apple fans is that the exploit does not work on the very latest iPhones using the A12 or higher chip – such as the iPhone XS, XS Max, and XR – but could be used against the many millions of older devices. What a mess.
As ever, my recommendation would be to backup your data before installing Apple’s latest iOS update. That way you can always roll back if something goes hideously wrong.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.