Apple has been taking steps as of late to help catch vulnerabilities before they reach the hands of bad actors. For example, they recently began providing security researchers iPhones to make it easier for them to find vulnerabilities. At around the same time Apple also increased their bug bounty program to $1 million for the top prize of getting full control of a phone without user interaction. In addition to the big prize, Apple awards a $500,000 price for a vulnerability that allows some access to the phone. That said, they also changed the program from invitation only to open to all. Security-wise, Apple devices come with high marks, and this should help maintain them. We can appreciate Apple taking such a strong stance in security.
It isn’t all smooth sailing for Apple though. Just this week, they failed to apply a fix for a bug in their iOS 12.4 update – a bug that was previously fixed in 12.3. A group by the name UncOver released the exploit code for the vulnerability here. Using this vulnerability and exploit, users can now jailbreak their phone which may be seen as a benefit, but apps downloaded from the App store also may exploit this vulnerability to gain control of your phone.
This shows that even companies who focus on security in their product make mistakes. Getting product security right 100% of the time is simply not possible, even for the giants like Apple. This means as a user you need to review the software you install on your phone. With these vulnerabilities present you can reduce your chances of any exploit by reviewing apps you install and fallowing these steps. Only load apps from the official App store, read the reviews and the time of the reviews to see other experiences, and check on the App creators to see if they make shady apps.
Leave a Reply