Apple Emergency Update Fixes Major Flaw With iOS 9.3.4

Apple said it has fixed a flaw in iOS that could allow attackers to take over iPad and iPhone devices.

The bug was serious enough to prompt Apple to issue a software update, iOS 9.3.4, that fixes this bug alone.

Emergency patch

The update appears two weeks after Apple’s last iOS patch, which fixed another critical flaw that affected the ImageIO subsystem.

The latest patch fixes a bug in the IOMobileFrameBuffer component that could allow an application to execute malicious code with kernel privileges, Apple said.

“A memory corruption issue was addressed through improved memory handling,” Apple said in its advisory.

The bug was discovered by Team Pangu, which develops jailbreaking software to allow iOS devices to run outside of Apple’s built-in restrictions, Apple said.

IT security researchers said such flaws can be used by jailbreakers to make devices perform specialised functions, but can also allow serious attacks.

Device takeover

“A kernel-level RCE bug is a double gift to crooks, because software that runs inside the kernel isn’t subject to the same sandboxing limitations as a regular app,” said Sophos researcher Paul Ducklin in an advisory. “An RCE that applies to a single app is like hacking into one set of traffic lights in a busy metropolitan area; a kernel RCE is more like hacking into the central server that controls all the traffic lights at every intersection in the city.”

Apple’s next major iOS version is expected to be released in September.

Researchers said frequent updates are necessary to protect mobile devices from ever more sophisticated criminal hacks, and noted that Apple’s devices are relatively easy to keep up to date.

“If you ever think security is a pain on your mobile device, just have a word with your Android-owning friends, many of whom will find it hard to remember when (if ever) they received their last operating system update,” said researcher Graham Cluley in an advisory.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.
