SECURITY
SECURITY
SECURITY
Apple patches vulnerability used to jailbreak iPhones
Apple Inc. has released new updates for its line of products, including a release for iOS that patches a vulnerability used to jailbreak iPhones.
The “zero-day” vulnerability, one not observed before, was present in all versions of iOS from 11.0 onward, including 13.5, and was exploited by the hacking group Unc0ver May 24 to release a comprehensive jailbreak. A jailbroken phone allows users to install third-party software not available in the App Store and gives them the ability to customize the devices.
Available for iPadOS as well, 13.5.1 is said by Apple to deal with a kernel issue that allows an application to execute arbitrary code with kernel privileges — the vulnerability used in the jailbreak app. Apple goes on to describe the vulnerability as a memory consumption issue.
Notably, it took Apple about a week to patch the vulnerability, the same length of time it took to patch a smaller jailbreak in August that worked on an earlier version of iOS.
One of the developers of the jailbreak confirmed on Twitter that the update has closed down the vulnerability used.
I can confirm the new *OS updates have patched the kernel vulnerability used by the #unc0ver jailbreak.
If you are on iOS 13.5, stay and save blobs.
If you are not on iOS 13.5, update to it with the IPSW using a computer while it is still being signed and save blobs.
— @Pwn20wnd (@Pwn20wnd) June 1, 2020
Jailbreaking iPhones was highly popular in the earlier days of the device but has fallen out of favor in recent years because of Apple’s increased levels of security. There are fans of the process, but Apple argues that its ecosystem provides customers with higher levels of security compared with Android, which allows customization and the installation of apps from alternative app stores.
Along with the iOS and iPad release, Apple also released an updated version for other devices with macOS 10.15.5, watchOS 6.2.6, tvOS 13.4.6 and HomePod 13.4.6.
In the case of the watchOS update, it would appear that Apple may have patched the same vulnerability that was found in iOS. The update to macOS is described as a supplemental update that provides an identical description to that of the iOS update despite macOS and iOS being different software.
Users of iPhones and iPads can update their software via the settings up under “general,” then “software update.”
Photo: Pxhere
A message from John Furrier, co-founder of SiliconANGLE:
Support our open free content by sharing and engaging with our content and community.
Join theCUBE Alumni Trust Network
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
11.4k+
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
