It took just 15 seconds to hack the latest, greatest, shiniest iPhone 13 Pro on stage at the Tianfu Cup in October, using a now-fixed iOS kernel bug.
As if the Log4Shell hellscape wasn’t already driving everybody starkers, it’s time to update iOS 15.2 and a crop of other Apple iGadgets, lest your iPhone get taken over by a malicious app that executes arbitrary code with kernel privileges.
To paraphrase one mobile security expert, the iOS 15.2 and iPadOS update – released by Apple on Monday along with updates for macOS, tvOS and watchOS – is as hairy as a Lhasa Apso.
“If log4j wasn’t enough, iOS 15.2 is out and it is wild,” tweeted Zuk Avraham, CEO at ZecOps, which markets a tool for mobile device log analysis. “Many remote and local vulnerabilities. If you care about your iPhone/iPad security you should update soon.”
Apple’s security updates cover multiple vulnerabilities, including a remote jailbreak exploit chain and a number of critical issues in the kernel and Safari web browser that were first disclosed two months ago at the International Cyber Security Contest Tianfu Cup in China. That’s where the shiniest new iPhone – the iPhone 13 Pro running the most recent and fully patched version of iOS 15.0.2 – was clobbered in record time, twice.
One hack was performed live, on stage, using a remote code execution (RCE) exploit of the mobile Safari web browser. It was unleashed by a team from Kunlun Lab and succeeded in a few eyeblinks: 15 seconds, to be precise.
Tracked as CVE-2021-30955, the issue that was picked apart by Kunlun Lab could have enabled a malicious application to execute arbitrary code with kernel privileges. Apple said it was a race condition that was addressed with “improved state handling.”
“The kernel bug CVE-2021-30955 is the one we tried [to] use to build our remote jailbreak chain but failed to complete on time,” Kunlun Lab’s chief executive, @mj0011sec, said in a tweet. It also affects MacOS, according to @mj0011sec, who’s also the former CTO of Qihoo 360.
Where Kunlun Lab failed, Team Pangu succeeded, managing to remotely jailbreak the iPhone 13 Pro at the Tianfu Cup, marking the first time that the iPhone 13 Pro was publicly jailbroken at a cybersecurity event. The accomplishment netted the team $330,000 in cash rewards.
Here’s the full list of Apple’s security updates from Monday: