Apple has quietly patched a zero-day vulnerability in the iOS kernel that was recently discovered by a team of cyber-security researchers and hackers. The patch covers all of Apple's operating systems across its devices, not only iOS. The researchers who discovered the vulnerability released a new jailbreak package named Unc0ver (named after the team that invented it), which was claimed to work on all recent iOS versions.
For anyone curious, jailbreaking is the process of removing the software restrictions that Apple puts in place on a device running the iOS operating system. It allows the user to download and install apps not supported by Apple.
Pwn20wnd is a member of the Unc0ver team who is believed to be behind the discovery of the zero-day vulnerability. CVE-2020-9859 is the CVE assigned to this vulnerability.
Apple's operating system imposes strict hardware restrictions to safeguard its users from being exposed to attackers. However, it is possible to remove these restrictions by jailbreaking the iOS device. Users then gain root access to the iOS file system and manager, which allows them to download and install any third-party application, including unsafe ones. The Unc0ver team's latest release, 5.0.0, gives Apple users root access and unlocks all iOS devices, even on the latest version, iOS 13.5.
The Unc0ver team claims to have tested the jailbreak on iOS 11 through iOS 13.5; the software did not work on iOS versions 12.3 to 12.3.2 and 12.4.2 to 12.4.5. Apple addressed the vulnerability recently and identified memory consumption as the major reason for it.
Vulnerable software versions
- Apple Watch Series 1 before 6.2.6
- iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
- Apple TV 4K and Apple TV HD
- macOS High Sierra 10.13.6, macOS Catalina 10.15.5
Using an application, an attacker may be able to execute arbitrary code with kernel privileges. It has also been shown that the attack can be leveraged to exploit modern iOS devices whose CPU supports Pointer Authentication Code (PAC). PAC is a new feature that uses unused bits of the pointer address space to cryptographically sign pointer addresses. Pointer Authentication was designed to provide protection against attackers with arbitrary memory read or arbitrary memory write capabilities.
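The pointer-signing idea described above, as an added illustration that is not Apple's implementation or code from the original article: a keyed MAC over the address and a context value is stored in the pointer's unused upper bits and rechecked before use. Assumptions: 48-bit addresses with a 16-bit signature field, HMAC-SHA256 standing in for the hardware's cipher, and all names hypothetical.

```python
import hashlib
import hmac

VA_BITS = 48                    # assumption: 48-bit virtual addresses
PAC_BITS = 64 - VA_BITS         # the upper 16 bits carry no address information
ADDR_MASK = (1 << VA_BITS) - 1

class PacFailure(Exception):
    """The signature stored in the pointer does not match the recomputed one."""

def pac(key: bytes, addr: int, context: int) -> int:
    """Keyed MAC over (address, context), truncated to PAC_BITS bits."""
    msg = addr.to_bytes(8, "little") + context.to_bytes(8, "little")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "little") & ((1 << PAC_BITS) - 1)

def sign(key: bytes, addr: int, context: int) -> int:
    """Place the signature in the unused upper bits of a 64-bit pointer."""
    if addr & ~ADDR_MASK:
        raise ValueError("address does not fit in VA_BITS")
    return (pac(key, addr, context) << VA_BITS) | addr

def authenticate(key: bytes, signed_ptr: int, context: int) -> int:
    """Return the plain address if the signature verifies, else raise."""
    addr = signed_ptr & ADDR_MASK
    if (signed_ptr >> VA_BITS) != pac(key, addr, context):
        raise PacFailure(hex(signed_ptr))
    return addr

def count_rejected(key: bytes, signed_ptr: int, context: int, trials: int = 1000) -> int:
    """Model a memory write that replaces the address bits but keeps the old
    signature because the key is unavailable; count how many are rejected."""
    stale_sig = (signed_ptr >> VA_BITS) << VA_BITS
    base = signed_ptr & ADDR_MASK
    rejected = 0
    for i in range(1, trials + 1):
        forged = stale_sig | ((base + 8 * i) & ADDR_MASK)
        try:
            authenticate(key, forged, context)
        except PacFailure:
            rejected += 1
    return rejected

if __name__ == "__main__":
    key = bytes(range(32))      # constructed key for the demo
    ptr = sign(key, 0x7FFF12345678, context=0x1001)
    print("signed pointer:", hex(ptr))
    print("authenticated :", hex(authenticate(key, ptr, 0x1001)))
    print("rejected forgeries:", count_rejected(key, ptr, 0x1001), "of 1000")
```

With a 16-bit field a modified pointer still passes by chance about once in 65,536 attempts, which is why the signature raises the cost of pointer corruption rather than making it impossible.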
Apple has released security patches to address the zero-day vulnerability in the following advisories:
- APPLE-SA-2020-06-01-4 for watchOS 6.2.6
- APPLE-SA-2020-06-01-3 for tvOS 13.4.6
- APPLE-SA-2020-06-01-2 for macOS Catalina 10.15.5 Supplemental Update, Security Update 2020-003 High Sierra
- APPLE-SA-2020-06-01-1 for iOS 13.5.1 and iPadOS 13.5.1
SanerNow detects this vulnerability and automatically fixes it by applying security updates. Download SanerNow and keep your systems updated and secure.