Apple Updates All Its Operating Systems Due to a Kernel Vulnerability
Did you know that all of Apple’s operating systems (iOS, macOS, iPadOS, tvOS, and watchOS) are actually based on the same code? The recent updates show that it’s true.
Apple has just released its macOS Catalina Supplemental Update, iPadOS 13.5.1, iOS 13.5.1, tvOS 13.4.6, and watchOS 6.2.6, along with Security Update 2020-03 for High Sierra. Each of these releases is presented as follows: “This update provides important security updates and is recommended for all users.” The security note says that “A memory consumption issue was addressed with improved memory handling”; the vulnerability that the fix addresses is tracked as CVE-2020-9859. Detailed information on this vulnerability is not publicly available; what is known is that “An application may be able to execute arbitrary code with kernel privileges.”
So, this vulnerability is most likely a rather dangerous one, just like any other that enables apps to execute code with kernel privileges. In other words, an app exploiting it can do virtually anything on a device: surreptitiously record the user’s actions, install malware, or totally erase the local storage. If the vulnerability is fairly easy to exploit, hundreds of millions of Apple users are at risk.
Since Apple mentions unc0ver, a jailbreak producer, in its security notes, 9to5Mac speculates that all these releases address the vulnerability used in the latest jailbreak for devices running iOS 13.5.
Strangely, the macOS security notes do not mention Security Update 2020-03 for macOS 10.14 Mojave. It seems a bit odd that the bug could affect High Sierra and Catalina, but not Mojave. Perhaps a Mojave update will come soon, or Apple’s fix for Mojave was withdrawn.
In any case, Apple deserves kudos for updating all the operating systems at once to fix this bug, although it must have been troublesome indeed.