Apple has released security updates to address a vulnerability that had been used to jailbreak iPhones running iOS 13.5.
The vulnerability, tracked as CVE-2020-9859, affects the iOS kernel and could allow an application to execute arbitrary code with kernel privileges. According to the description of the fix, “a memory-consumption issue was addressed with improved memory handling.”
According to the CERT Coordination Center, the kernel vulnerability could allow a malicious application to achieve unsandboxed, kernel-level code execution and the jailbreak works on modern iOS devices that use a CPU that supports Pointer Authentication Code (PAC), which indicates that PAC does not prevent exploitation of this vulnerability.
The flaw was patched with the release of iOS 13.5.1 and iPadOS 13.5.1. Apple has also released updates for macOS High Sierra 10.13.6 and macOS Catalina 10.15.5 (macOS Catalina 10.15.5 Supplemental Update, Security Update 2020-003 High Sierra), tvOS 13.4.6, and watchOS 6.2.6 to address the issue.
The vendor issued the security patches less than a week after the hackers have released jailbreak tool called “Unc0ver”, which they said uses “a zero-day exploit” to hack into any iPhone, including devices running iOS 13.5, the just-released version of Apple’s mobile operating system.