Apple Jailbreak Zero-Day Gets a Patch


Apple quietly pushed out a [small but important update](<https://support.apple.com/en-us/HT201222>) for operating systems across all of its devices, including a patch for a zero-day exploit used in an iPhone [jailbreak tool](<https://threatpost.com/new-ios-jailbreak-tool-works-on-iphone-models-ios-11-to-ios-13-5/156045/>) released last week. In its notes for the release, Apple says very little else about the patches overall that it pushed out Monday — for iOS (including 13.4.6 for HomePod) and iPadOS 13.5.1, watchOS 6.2.6, tvOS 13.4.6, and macOS 10.15.5 — other than that they provide “important security updates” that are “recommended for all users.” A further look at the [details](<https://support.apple.com/pt-pt/HT211214>) of the iPhone updates explains that the release addresses the bug tracked as CVE-2020-9859, used in the [Unc0ver jailbreak](<https://threatpost.com/new-ios-jailbreak-tool-works-on-iphone-models-ios-11-to-ios-13-5/156045/>). The impact of the vulnerability is that “an application may be able to execute arbitrary code with kernel privileges.” The description of the fix is that “a memory-consumption issue was addressed with improved memory handling.” [![](https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg)](<https://threatpost.com/newsletter-sign/>) The update comes less than a week after hackers released the Unc0ver jailbreak tool, which they said uses a zero-day exploit to break into any iPhone, even those running the latest iOS 13.5. the hackers did not disclose which unpatched iOS flaw they use in their new tool, but they lauded it as the first zero-day jailbreak for the iPhone platform since iOS 8. [Jailbreak tools](<https://threatpost.com/checkra1n-jailbreak-stirs-concerns/150182/>) take advantage of vulnerabilities in iOS to allow users root access and full control of their device, in order to load programs and code from outside of the Apple walled garden. However, one [report](<https://www.vice.com/en_us/article/dyz8nw/iphone-ios-ios13-jailbreak-uncover-unc0ver>) from Vice Motherboard last week said that the jailbreak takes advantage of a kernel vulnerability, which was subsequently identified as CVE-2020-9859. The team behind jailbreak tool said at the time that they expected Apple to find the flaw and release a patch for it, calling it the “nature” of the business, a hacker called [Pwn20wnd](<https://twitter.com/Pwn20wnd>) told Vice Motherboard. The ability for a threat actor to execute arbitrary code with kernel privileges is indeed a critical security problem that Apple would want to patch as soon as possible once it’s been discovered or exploited. Kernel privileges gives someone control over everything in the OS, so a hacker who uses this ability can basically take over, modify or access whatever data or functionality they choose to on someone’s iOS device. Some pro-jailbreak Apple users on Twitter are encouraging users to skip the security update. “_#iOS_ 13.5.1 does in fact patch the [#exploit](<https://twitter.com/hashtag/exploit?src=hashtag_click>) used for [#unc0ver](<https://twitter.com/hashtag/unc0ver?src=hashtag_click>).” [tweeted](<https://twitter.com/AppleTerminal/status/1267525571128356864>) [Apple Terminal](<https://twitter.com/AppleTerminal>), an account that calls itself an “independent Apple news source.” “DO NOT UPDATE.” Other Apple experts on Twitter encouraged people who don’t want to jailbreak their iPhones to make sure they install the patch, also telling users that it fixes the latest Unc0ver jailbreak tool. “Apple released iOS 13.5 update fixing Zero Day exploit used by Unc0ver Jailbreak,” tweeted [iRobin Pro](<https://twitter.com/iRobinPro>), an Apple expert and blogger with a YouTube channel. “If you are not going to jailbreak your iPhone or iPad, update immediately.” **_Concerned about the IoT security challenges businesses face as more connected devices run our enterprises, drive our manufacturing lines, track and deliver healthcare to patients, and more? On _**[**_June 3 at 2 p.m. ET_**](<https://attendee.gotowebinar.com/register/1837650474090338831?source=ART>)**_, join renowned security technologist Bruce Schneier, Armis CISO Curtis Simpson and Threatpost for a FREE webinar, _**[**_Taming the Unmanaged and IoT Device Tsunami_**](<https://attendee.gotowebinar.com/register/1837650474090338831?source=ART>)**_. Get exclusive insights on how to manage this new and growing attack surface. _**[**_Please register here_**](<https://attendee.gotowebinar.com/register/1837650474090338831?source=ART>)**_ for this sponsored webinar._**