Hello, welcome to the Tuesday, June 2nd, 2020 edition of the Sandtonet Storm Center's Stormcast.

My name is Johannes Ulrich.

And I'm recording from Jacksonville, Florida.

It's less than a week ago that Apple did release updates for macOS and about two weeks since we got the last ios update still

apple today released a security update for all of its operating systems now this update fixes

one single vulnerability cve 2020 9859 and And this is a privilege escalation vulnerability that did allow for the recently released

uncover jailbreak exploit.

So jailbreaking on iOS devices does require that you as a user are able to execute code with kernel privileges,

and that's exactly what is being fixed here.

The big impact here, of course, is for iOS and iPadOS, because there you have all these

restrictions trying to limit what a user could possibly execute.

For macOS, this is still a dangerous privilege escalation flaw that should be addressed, of course.

MacOS, at least in its normal configuration, is a little bit more open.

Now, of course, once you upgrade to iOS 13.5.1, which is this

latest version that was just released today, the uncover jailbreak exploit will no longer work,

so you will no longer be able to jail break your phone. For most users, jailbreaking tends to be a bad idea

because you are essentially disabling a good part of the secure infrastructure in iOS.

If you are a researcher or such that would like to look at some of the internals of iOS, then of course

jailbreaking, maybe something that you would like to do to your devices, and in this case,

don't upgrade to 13.5.1. And aside from fixing this single vulnerability, Apple apparently didn't make any changes to any of the

operating systems. Now, anti-maliver sometimes can sort of be this black box and you really don't

know why it considers a particular email attachment, for example, as malicious.

...