Should You Install Apple’s iOS 12.3.1?

Rolled out a couple of days ago, Apple’s latest versions of iOS features numerous bug and security fixes. According to the company, the latest patch also includes a fix to the infamous fingerprint vulnerability, which allowed hackers to track a device around the Internet. All in all, version 12.3.1 touts no less than 41 security-related fixes. If prompted, you should update your Apple phone to the latest version as fast as possible.

Benefits of Installing iOS 12.3.1

Compared to version 12.2, which was released at the beginning of May, iOS 12.3.1 contains way more fixes, including an extra safeguard for the calibration fingerprinting attack. Discovered in late April, this vulnerability would have allowed anyone with the right privileges to track your device around the Internet.

The cybersecurity researchers who uncovered the exploit warned that there is no way of defending against this type of attack, as it could have been launched from any website injected with the malware code.

Furthermore, the suspicious website would be flagged as safe by both your browser and anti-malware software. Once inside the phone, it was capable of generating a globally unique fingerprint in under one second.

From there, it would spread to the phone’s sensors (accelerometer, magnetometer, and gyroscope). Although the injected malware was not capable of pinpointing the user’s physical location, it could have kept tabs on your online activity. The worse part is that not even a factory reset couldn’t have purged the malware code.

Apple declared that iOS version 12.3.1 solved the issue. Another great reason why you should update your phone to the latest version is the FaceTime eavesdropping exploiting.

Discovered around the same time as the calibration fingerprinting bug, this issue would have allowed anyone to eavesdrop on your FaceTime conversations each time you would make a call.

Other well-welcomes improvements include:

  • AppleKeyStore fix, where a sandboxed process was able to around restrictions.
  • Core Media bug which allowed a malicious application to obtain root privileges.
  • CoreAnimation bug which could have been used to access the device’s restricted memory.
  • Natural Language Processing issue which allowed your device to process a crafted message, resulting in a denial of service.
  • Keyboard bug where the autofill functions would continue to fill in passwords, even though they’ve been manually wiped by the user.
  • Kernel, an exploit which would have allowed an app to execute malware code with kernel privileges.
  • Bluetooth bug, which allowed a hacker to execute arbitrary code on your phone if he operated from a privileged network.
  • Safari reader vulnerability, whereupon accessing infected web content could have led to a scripting attack.

If you’re interested in the full list of bug fixes, head to Apple’s support page for iOS 12.1.3.

Wrap up

Should you install the latest OS version? Most definitely, as the security updates will prevent any outside tampering. Word of caution though – there’s no way of telling how your phone will handle the transition from your current OS version to 12.3.1. Before proceeding with the update, don’t forget to back up your data.

Now, if you don’t want to risk losing info, you can skip this update and stick with the one you have. Still, we would recommend the transition, since the previous versions are still vulnerable to attacks.

How did the update process work out for you? Head to the comments section and let us know.

About Daniel Sadler

Old-school PC gamer, poetry buff, cat lover, tech wiz. His writing career began almost two decades ago when he modestly acknowledged that hindsight or, lack thereof, can compromise security. He enjoys spending quality time with his friends and family. Most of his friends refer to Daniel as a "man of a few words, but, man, what words!" His interests include cybersecurity, IT, blogging, and, of course, everything related to technology.

Leave a Reply

Your email address will not be published. Required fields are marked *