Dec 15, 2021
Apple iOS Update Fixes Cringey iPhone 13 Jailbreak Exploit

It took just 15 seconds to hack the latest, greatest, shiniest iPhone 13 Pro on stage at the Tianfu Cup in October, using a now-fixed iOS kernel bug.
As if the Log4Shell hellscape wasn’t already driving everybody starkers, it’s time to update to iOS 15.2 and to patch a crop of other Apple iGadgets, lest your iPhone get taken over by a malicious app that executes arbitrary code with kernel privileges.
To paraphrase one mobile security expert, the iOS 15.2 and iPadOS updates – released by Apple on Monday along with updates for macOS, tvOS and watchOS – are as hairy as a Lhasa Apso.
“If log4j wasn’t enough, iOS 15.2 is out and it is wild,” tweeted Zuk Avraham, CEO at ZecOps, which markets a tool for mobile device log analysis. “Many remote and local vulnerabilities. If you care about your iPhone/iPad security you should update soon.”
iOS 15.2 is out and it is wild. Many remote and local security issues. If you care about your iPhone/iPad security you should update soon.
— Zuk (@ihackbanme) December 14, 2021


Apple’s security updates cover multiple vulnerabilities, including a remote jailbreak exploit chain and a number of critical issues in the kernel and Safari web browser that were first disclosed two months ago at the International Cyber Security Contest Tianfu Cup in China. That’s where the shiniest new iPhone – the iPhone 13 Pro running the most recent and fully patched version of iOS 15.0.2 – was clobbered in record time, twice.
One hack was performed live, on stage, using a remote code execution (RCE) exploit of the mobile Safari web browser. It was unleashed by a team from Kunlun Lab and succeeded in a few eyeblinks: 15 seconds, to be precise.
Tracked as CVE-2021-30955, the issue that was picked apart by Kunlun Lab could have enabled a malicious application to execute arbitrary code with kernel privileges. Apple said it was a race condition that was addressed with “improved state handling.”
“The kernel bug CVE-2021-30955 is the one we tried [to] use to build our remote jailbreak chain but failed to complete on time,” Kunlun Lab’s chief executive, @mj0011sec, said in a tweet. It also affects macOS, according to @mj0011sec, who is also the former CTO of Qihoo 360.
Where Kunlun Lab failed, Team Pangu succeeded, managing to remotely jailbreak the iPhone 13 Pro at the Tianfu Cup, marking the first time that the iPhone 13 Pro was publicly jailbroken at a cybersecurity event. The accomplishment netted the team $330,000 in cash rewards.
Here’s the full list of Apple’s security updates from Monday:
Besides the remote jailbreak exploit flaw that toppled the iPhone 13 at the Tianfu Cup – CVE-2021-30955, the discovery of which was credited to Zweig of Kunlun Lab – Apple patched a total of five flaws in Kernel and four in IOMobileFrameBuffer, a kernel extension for managing the screen framebuffer, which is a portion of RAM that contains a bitmap that drives a video display.
Here are the relevant updates:
Miclain Keffeler, application security consultant at application security provider nVisium, told Threatpost on Tuesday that those “wild,” now-patched iOS 15.2 flaws “highlight why the security industry recommends staying on the N-1 or even the N-2 latest version of software patches.”
He noted that security practitioners “often look at new versions of libraries and operating systems as the latest and greatest, but that often comes at the price of unknown and new attack vectors.”
As such, we need to let time – and security testers – dictate the right cadence to run updates, he continued. “The particular CVEs – which have now been patched – affected very core services, meaning that short of taking your iOS or Mac device off of the internet, the only prevention is our weakest security protection: humans.”
This string of vulnerabilities “only strengthens the security team’s resolve that security is everyone’s job,” he continued. “Users need to practice good web hygiene as they go about their days by only downloading apps which are trusted, as well as browsing websites that they know are reputable and safe.”