Apple releases iPhone update to patch ‘Unc0ver’ zero-day hack

The jailbreak for the most recent iPhones was circulating online since at least February 2020

Adam Smith
Tuesday 02 June 2020 12:03 EDT
Comments
A customer tries an Apple Inc. iPhone SE at the company's Omotesando store on March 31, 2016 in Tokyo, Japan
A customer tries an Apple Inc. iPhone SE at the company's Omotesando store on March 31, 2016 in Tokyo, Japan (Tomohiro Ohsumi/Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Apple has released a new version of its operating system, iOS 13.5.1, in order to provide “important security updates [that are] recommended for all users.”

It means Apple has patched the infamous “Unc0ver” jailbreak which allowed even the most recent iPhones to be compromised.

Apple’s security page states that the update was pushed out in order to stop software from “execut[ing] arbitrary code with kernel privileges” – which is how jailbreaking works.

To “jailbreak” an iPhone means to remove the usual restrictions imposed by Apple, allowing users more control such as loading apps that are not available in Apple’s App Store at the risk of lower device security.

It was discovered that the Unc0ver jailbreak has been circulating on the internet since at least February, with some speculating that hackers and researchers had the code since December 2019.

Knowledge like this is a boon for criminal hackers, who are looking for loopholes and vulnerabilities in operating systems, so it was expected that the exploit would be patched before the expected launch of Apple’s iOS 14 in June.

The hack was particularly notable because, at the time, it worked on current iPhones. Exploits were previously available for all versions of iOS between 11 and 13.5, with hackers suggesting that Apple’s latest operating system would also be able to be breached.

As Wired reported, the Unc0ver jailbreak was the first built a zero-day vulnerability in years. A “zero day” vulnerability is one where developers have not had the time to fix because it is so recent. The individuals behind Unc0ver did not disclose the vulnerability to Apple, and so could use it for their own purposes.

With this recent update, hackers and hobbyists will have to find a new method into Apple’s smartphones.

This is not the only potential breach Apple has had to fix in its update. Developer Bhavuk Jain found a software bug in the company’s “Sign in with Apple” feature that would allow hackers to achieve a “full account takeover of [third party] user accounts” which could be logged into via that feature.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in