Why you need to install iOS 12.4 right now


iOS 12.4
It’s high time you installed iOS 12.4 on your iPhone or iPad.
Photo: Ed Hardy/Cult of Mac

Details of five security bugs fixed by last-week’s iOS 12.4 update have been published. This means hackers now have what they need to use them on any device that hasn’t been updated.

Now would be a good time for anyone who’d been procrastinating to install this update on their iPhone or iPad.

These bugs allow a hacker to run malicious code on an iPhone via an iMessage exploit. All that the recipient has to do is read the message for the code to launch.

iOS 12.4 brings enhancements to Apple News+, and makes moving to a new iPhone better. But because that’s really all that changed, it’s understandable if many people didn’t rush to install it. Well, here’s a good reason.

Google Project Zero to the rescue

The security flaws weren’t discovered by Apple but by Google’s Project Zero team. Which explains why the details are being made public.

The bugs in question are CVE-2019-8647, CVE-2019-8660, CVE-2019-8662, CVE-2019-8624 and CVE-2019-8646. Included with descriptions of the bugs is sample code showing hackers how to make use of them.

The Project Zero team is still keeping quiet about a sixth iMessage bug they discovered — CVE-2019-8641 — because iOS 12.4 didn’t completely fix it.


Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.