Apple iOS Update Fixes iPhone 13 ‘Jailbreak’ Exploit!

It took only 15 seconds to hack the latest, greatest, iPhone 13 Pro on stage at the Tianfu Cup in Oct., using a now-fixed iOS kernel bug.

As if the Log4Shell hellscape wasn’t already driving everybody crazy, it’s time to update to iOS 15.2 & patch your other Apple iGadgets, so your iPhone doesn’t get taken over by a malicious app that executes arbitrary code with kernel privileges.

‘Lhasa Apso’

To quote one mobile security expert, the iOS 15.2 & iPadOS update – released by Apple on Mon. along with updates for macOS, tvOS & watchOS – is ‘as hairy as a Lhasa Apso.’

“If log4j wasn’t enough, iOS 15.2 is out & it is wild,” tweeted Zuk Avraham, CEO at ZecOps, which markets a tool for mobile device log analysis. “Many remote & local vulnerabilities. If you care about your iPhone/iPad security you should update soon.”

Update Soon

iOS 15.2 is out & it is wild. Many remote & local security issues. If you care about your iPhone/iPad security, you should update soon.

[Source: https://t.co/12IWd9tUyF pic.twitter.com/47e8jebFod]

— Zuk (@ihackbanme) December 14, 2021

Apple’s security updates cover multiple vulnerabilities, including a remote ‘jailbreak’ exploit chain & some critical issues in the kernel & Safari web browser that were 1st disclosed 2 months ago at the International Cyber Security Contest Tianfu Cup in China. That’s where the shiniest new iPhone – the iPhone 13 Pro running the most recent & fully patched version of iOS, 15.0.2 – was hit in record time, twice.

15 Seconds

One hack was performed live, on stage, using a remote code execution (RCE) exploit of the mobile Safari web browser. It was done by a team from Kunlun Lab & succeeded in 15 seconds, to be precise.

Tracked as CVE-2021-30955, the issue that was taken apart by Kunlun Lab could have enabled a malicious application to execute arbitrary code with kernel privileges. Apple stated it was a race condition that was addressed with “improved state handling.”

Tianfu Cup

“The kernel bug CVE-2021-30955 is the one we tried to use to build our remote jailbreak chain but failed to complete on time,” Kunlun Lab’s chief executive, @mj0011sec, said in a tweet. It also affects macOS, according to @mj0011sec, who’s also the former CTO of Qihoo 360.

Where Kunlun Lab failed, Team Pangu succeeded, managing to remotely jailbreak the iPhone 13 Pro at the Tianfu Cup, marking the 1st time that the iPhone 13 Pro was publicly jailbroken at a cyber-security event. The accomplishment made the team $330k in cash rewards.

Apple Security Updates

Here’s the full list of Apple’s security updates from Mon.:

More Fixed Bugs

Besides the remote ‘jailbreak’ exploit flaw on the iPhone 13 at the Tianfu Cup – CVE-2021-30955, the discovery of which was credited to Zweig of Kunlun Lab – Apple patched a total of 5 flaws in Kernel & 4 in IOMobileFrameBuffer, a kernel extension for managing the screen framebuffer, which is a portion of RAM that contains a bitmap that drives a video display.

Updates

Here are the updates:

  • CVE-2021-30927 & CVE-2021-30980: A use after free issue that could allow a malicious application to run arbitrary code with kernel privileges.
  • CVE-2021-30937: A memory corruption vulnerability that could allow a malicious application to run arbitrary code with kernel privileges.
  • CVE-2021-30949: A memory corruption issue that could allow a malicious application to run arbitrary code with kernel privileges.
  • CVE-2021-30993: A buffer overflow issue that could allow an attacker in a privileged network position to execute arbitrary code.
  • CVE-2021-30983: A buffer overflow issue that could allow an application to run arbitrary code with kernel privileges.
  • CVE-2021-30985: An out-of-bounds write issue that could allow a malicious application to run arbitrary code with kernel privileges.
  • CVE-2021-30991: An out-of-bounds read issue that could allow a malicious application to run arbitrary code with kernel privileges.
  • CVE-2021-30996: A race condition that could allow a malicious application to run arbitrary code with kernel privileges.

‘Aged Cheese, Wine & Software’

Miclain Keffeler, Application Security Consultant at application security provider nVisium, explained on Tues. that those “wild,” now-patched iOS 15.2 flaws “highlight why the security industry recommends staying on the N-1 or even the N-2 latest version of software patches.”

He noted that security practitioners “often look at new versions of libraries and operating systems as the latest & greatest, but that often comes at the price of unknown & new attack vectors.”

Core Services

So, we need to let time & security testers dictate the right cadence to run updates, he continued. “The particular CVEs – which have now been patched – affected very core services, meaning that short of taking your iOS or Mac device off of the internet, the only prevention is our weakest security protection: humans.”

This string of vulnerabilities “only strengthens the security team’s resolve that security is everyone’s job,” he continued.

“Users need to practice good web hygiene as they go about their days by only downloading apps which are trusted, as well as browsing websites that they know are reputable & safe.”
