Security News > 2021 > December > Apple iOS Update Fixes Cringey iPhone 13 Jailbreak Exploit

Apple iOS Update Fixes Cringey iPhone 13 Jailbreak Exploit
2021-12-14 23:10

As if the Log4Shell hellscape wasn't already driving everybody starkers, it's time to update iOS 15.2 and a crop of other Apple iGadgets, lest your iPhone get taken over by a malicious app that executes arbitrary code with kernel privileges.

To paraphrase one mobile security expert, the iOS 15.2 and iPadOS update - released by Apple on Monday along with updates for macOS, tvOS and watchOS - is as hairy as a Lhasa Apso.

Apple's security updates cover multiple vulnerabilities, including a remote jailbreak exploit chain and a number of critical issues in the kernel and Safari web browser that were first disclosed two months ago at the International Cyber Security Contest Tianfu Cup in China.

That's where the shiniest new iPhone - the iPhone 13 Pro running the most recent and fully patched version of iOS 15.0.2 - was clobbered in record time, twice.

Where Kunlun Lab failed, Team Pangu succeeded, managing to remotely jailbreak the iPhone 13 Pro at the Tianfu Cup, marking the first time that the iPhone 13 Pro was publicly jailbroken at a cybersecurity event.

Besides the remote jailbreak exploit flaw that toppled the iPhone 13 at the Tianfu Cup - CVE-2021-30955, the discovery of which was credited to Zweig of Kunlun Lab - Apple patched a total of five flaws in Kernel and four in IOMobileFrameBuffer, a kernel extension for managing the screen framebuffer, which is a portion of RAM that contains a bitmap that drives a video display.


News URL

https://threatpost.com/apple-ios-updates-iphone-13-jailbreak-exploit/177051/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-08-24 CVE-2021-30955 Race Condition vulnerability in Apple products
A race condition was addressed with improved state handling.
local
high complexity
apple CWE-362
7.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349