3 June 2020

Apple fixes recent iPhone “unc0ver” jailbreak flaw


Apple has released security updates to address a vulnerability that had been used to jailbreak iPhones running iOS 13.5.

The vulnerability, tracked as CVE-2020-9859, affects the iOS kernel and could allow an application to execute arbitrary code with kernel privileges. According to the description of the fix, “a memory-consumption issue was addressed with improved memory handling.”

According to the CERT Coordination Center, the kernel vulnerability could allow a malicious application to achieve unsandboxed, kernel-level code execution. The center also notes that the jailbreak works on modern iOS devices whose CPUs support Pointer Authentication Code (PAC), which indicates that PAC does not prevent exploitation of this vulnerability.

The flaw was patched with the release of iOS 13.5.1 and iPadOS 13.5.1. Apple has also released updates for macOS High Sierra 10.13.6 and macOS Catalina 10.15.5 (macOS Catalina 10.15.5 Supplemental Update, Security Update 2020-003 High Sierra), tvOS 13.4.6, and watchOS 6.2.6 to address the issue.

The vendor issued the security patches less than a week after hackers released a jailbreak tool called “Unc0ver”, which they said uses “a zero-day exploit” to hack into any iPhone, including devices running iOS 13.5, the just-released version of Apple's mobile operating system.
