Date: 2019-08-27

Apple has released a fix for a security bug that was accidentally reintroduced in its recent software update.

Apple has released a fix for a critical iOS security flaw accidentally reintroduced in its last update.

On Monday, Apple released iOS 12.4.1 to re-patch the vulnerability, which was fixed in iOS 12.3 (released in May) but was unpatched again in July with the release of iOS 12.4.

Last week, security researchers reported that the bug, tracked as CVE-2019-8605, allows targeted iPhones and iPads to be jailbroken, enabling attackers to take control of the device.

Pseudonymous Apple hacker Pwn20wnd also released a public jailbreak for users running iOS 12.4.

This particular flaw was first discovered by Google Project Zero researcher Ned Williamson.

In its security advisory, Apple said that iOS 12.4.1 addresses the "use after free" kernel issue that could have enabled a bad actor to execute arbitrary code on iPhone or iPad with system privileges.

The company added that it has now fixed the issue with the introduction of improved memory management, which blocks any malicious app from accessing freed pointers. The company also fixed the same vulnerability in a supplemental update for macOS 10.14.6.

"We would like to acknowledge @Pwn20wnd for their assistance," Apple said in its security update.

Jailbreaking an iPhone or iPad enables users to change their device's software to install unauthorised, third-party apps not available through the App Store.

Developers who don't wish to abide by Apple's App Store rules often post apps on websites used by jailbroken devices. The technique is also sometimes used to access user interfaces, network capabilities or file systems that are otherwise locked down.

However, tweaking the code of the device also makes it vulnerable to malicious programmes. Even visiting a malicious website could enable threat actors to take control of the jailbroken 'iDevice'.

While Apple has been criticised for its locked-down, walled garden environment for both the iPhone and iPad, it does help improve security.

Earlier this month, Apple increased its maximum bug bounty reward from $200,000 to $1 million in a bid to ensure security researchers turn in any security flaws they find to Apple.

But, contrary to that, in March, Google's Project Zero disclosed the 'Dirty Mac' copy-on-write security flaw in Apple's macOS operating system and claimed that the company had failed to fix the high-severity flaw within 90 days of reporting.