It’s been a couple of days, so Apple releases yet another iOS update

Graham Cluley

It's been a couple of days, so Apple releases yet another iOS update

It's been a couple of days, so Apple releases yet another iOS update

If at first you don’t succeed, try try again…

The latest major version of Apple’s iOS operating system for iPhones and iPads has had a troubled birth, as evidenced by the rapid release of bug fix after bug fix…

September 19 – Apple releases iOS 13
September 24 – Apple releases iOS 13.1
September 27 – Apple releases iOS 13.1.1
September 30 – Apple releases iOS 13.1.2

Yup, there’s a new update to iOS. But don’t expect it to have resolved the worrying Checkm8 exploit one hacker found in the iPhone’s secure ROM.

When you update your iDevice you’ll be shown brief details of what bugs the update is intended to fix:

  • Fixes a bug where the progress bar for iCloud Backup could continue to show after a successful backup
  • Fixes an issue where Camera may not work
  • Addresses an issue where the flashlight may not activate
  • Fixes a bug that could result in a loss of display calibration data
  • Fixes an issue where shortcuts could not be run from HomePod
  • Addresses an issue where Bluetooth may disconnect on certain vehicles

You’re also told that “information on the security content of Apple software updates” can be found at https://support.appIe.com/kb/HT201222, but at the time of writing only details on the security content of the previous update (iOS 13.1.1) are available.

Sometimes Apple’s security notes can be lacking detail for up to a week after an update’s release which even the biggest fanboy would find hard to describe as acceptable.

However, I can say with a high level of confidence that this iOS update does not fix the Checkm8 iPhone boot ROM exploit revealed at the end of last week.

The Checkm8 exploit allows anyone which physical access to your iPhone to jailbreak it within seconds, by taking advantage of a vulnerability in the iPhone’s secure boot ROM – a hardware area of the phone which cannot be changed through a software update.

Axi0mX, the developer of the exploit, gave an interesting interview with Ars Technica about what Checkm8 can and cannot do.

Perhaps the most important news for the most rabid Apple fans is that the exploit does not work on the very latest iPhones using the A12 or higher chip – such as the iPhone XS, XS Max, and XR – but could be used against the many millions of older devices. What a mess.

As ever, my recommendation would be to backup your data before installing Apple’s latest iOS update. That way you can always roll back if something goes hideously wrong.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “It’s been a couple of days, so Apple releases yet another iOS update”

  1. Interesting that the device's importance due to profit (release dates) outweighs the performance of an Operating System that just works out of the gate? OS's have become so complicated with each passing year that I assume code writers for each must be hard-pressed to keep up with their collaborations and meeting a release deadline?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.