Apple has released a new version of its operating system, iOS 13.5.1, in order to provide “important security updates [that are] recommended for all users.”
It means Apple has patched the infamous “Unc0ver” jailbreak which allowed even the most recent iPhones to be compromised.
Apple’s security page states that the update was pushed out in order to stop software from “execut[ing] arbitrary code with kernel privileges” – which is how jailbreaking works.
To “jailbreak” an iPhone means to remove the usual restrictions imposed by Apple, allowing users more control such as loading apps that are not available in Apple’s App Store at the risk of lower device security.
It was discovered that the Unc0ver jailbreak has been circulating on the internet since at least February, with some speculating that hackers and researchers had the code since December 2019.
Knowledge like this is a boon for criminal hackers, who are looking for loopholes and vulnerabilities in operating systems, so it was expected that the exploit would be patched before the expected launch of Apple’s iOS 14 in June.
The hack was particularly notable because, at the time, it worked on current iPhones. Exploits were previously available for all versions of iOS between 11 and 13.5, with hackers suggesting that Apple’s latest operating system would also be able to be breached.
As Wired reported, the Unc0ver jailbreak was the first built a zero-day vulnerability in years. A “zero day” vulnerability is one where developers have not had the time to fix because it is so recent. The individuals behind Unc0ver did not disclose the vulnerability to Apple, and so could use it for their own purposes.
With this recent update, hackers and hobbyists will have to find a new method into Apple’s smartphones.
This is not the only potential breach Apple has had to fix in its update. Developer Bhavuk Jain found a software bug in the company’s “Sign in with Apple” feature that would allow hackers to achieve a “full account takeover of [third party] user accounts” which could be logged into via that feature.