Kernel Vulnerability Causes Apple to Update All Operating Systems

Originally published at: https://tidbits.com/2020/06/01/kernel-vulnerability-causes-apple-to-update-all-operating-systems/

Apple has released updates to macOS, iOS, iPadOS, watchOS, and tvOS to address a security vulnerability in the kernel that could allow an app to execute arbitrary code with kernel privileges. Update soon!

I don’t see an update for my macOS 10.14.6 Mojave MacBook Pro. If it’s an oversight, it’s not just in Apple’s notes.

Yeah, I’ve now seen a suggestion that the bug was in High Sierra, Apple fixed it in Mojave, and that it was somehow reverted in Catalina. Feels odd, but then again, the entire thing is unusual.

Ditto - no update posted in Software Update for my MBP with 10.14.6 Mojave.
But then, I’m in Canada. It could be that the Ice Wall is preventing immigrant bits from traveling north across the border.

Thanks for the tip, Adam. I’ll keep checking back in Sys Prefs.
(I’ll have to keep checking manually, since the idiot design of the System Preferences dock icon and the Software Update icon are constantly badged to try and trick me into upgrading to Catalina…)

Seems iOS 12 isn’t getting an update for this issue. I wonder why?

In general, Apple doesn’t release fixes for older versions of iOS. However, the theory that Apple actually had fixed this bug in the kernel for Mojave would suggest that it was also fixed in iOS 12. iOS 11 might still be vulnerable, given that it was parallel to High Sierra.

One of the security updates for iOS 13.5.1 specifically lists the kernel vulnerability that was exploited by the recent unc0ver jailbreak method (“CVE-2020-9859: unc0ver”). The unc0ver people listed some versions of iOS 12.x that were not vulnerable, and, while 12.4.7 was not one of them, it may be that Apple wasn’t able to verify that this patch worked with iOS 12, so perhaps an update for iOS 12.4.7 is still coming for iPhone 6/6+ and iPhone 5s (and I believe some iPads are still getting those iOS 12 updates).

There’s also a HomePod update.

My Apple TV was set to receive Beta Updates and claimed to be up to date with 10.13.5. However, when I turned off the Beta update switch, it was able to download 10.13.6. I turned on Beta updating again and was informed everything was up to date.

One thing to note about the 10.15.5 update, it seems to be resetting the host name and any custom network settings to default on some machines.

Needless to say, this is a problem for many Mac Admins.

Then the article title “Kernel Vulnerability Causes Apple to Update All Operating Systems” is misleading. Based on it I figured fixes were available for all iOS, all Watch OS, all TV OS, and all Mac OS X versions.

Regarding the OS 13 update, does it fix the problems that were caused by the iOS 13.5 update? These problems seem to be generating major concern based on reports in Apple Discussions.

Thankfully I’ve never updated my iPhone 10 to iOS 13 and I won’t be updating my iPad Mini 4 & 5 past iOS 13.1. Of course my iPhone 6 is safe as it can’t be updated to buggy 13.

“All Operating Systems” <> “All Versions of All Operating Systems.”

It’s unclear why unc0ver would have reported the vulnerability it relied on for its jailbreak

I’ve always presumed that Apple sees the jailbreak, deconstructs it, then “credits” the jailbreakers for finding the exploit, as kind of a backhanded compliment.

I’m very disappointed this update didn’t address the problem “a very small number of phones are seeing” in iOS 13.5.
I have an iPhone SE first generation and an iPhone 11. On the first I am trying to change the Apple ID; on the second I want to set it up with the same ID. In both it is not possible to conclude this because when you get updating Apple services they both hang. Apple senior technicians informed me on both accounts.
At this time I have two bricks. I can call and message, but no family sharing, no app purchase sharing, which is the principal reason I am doing all of this. I do not expect to call and message from both phones.

:laughing: True, but I wasn’t going to go that far! Even if you limited it to just Apple OSes, that would include DOS 3.3, ProDOS 8, & ProDOS 16 for the Apple IIe/c, GS/OS for the Apple IIGS, System 1 through 9 for the Mac, and Apple SOS for the APPLE ///. Oh, it would also include Newton OS 1.x and 2.x.

I installed the 10.13.6 update and now I’m having two issues:

  1. Constant crashes of 1Password, and I am unable to use the 1P extension in Chrome–although it’s working in both FF and Safari. I’m going to contact Agile Bits about this, but I’m not a happy camper.
  2. I had to “repair” Firefox and have now lost all the customizations I’d set up. I’m having to log in to every site, and if I’d bumped up the font viewing size, that’s gone and I have to set each site all over again.

Adam, you write: "If you need a refresher on how to do that:
macOS: System Preferences > Software Update"

I don’t see that in High Sierra. Did you mean System Preferences > App Store?

(I certainly won’t be surprised if Apple decided to change that in a later version.)
Please remove this comment if off base, or after making any needed change in the article. Thanks.

Is this true of 10.15.5 in particular? I thought I saw something about how this started with an earlier version of 10.15?

Oh, come on. That’s just ridiculous and you know it. :slight_smile: I was just trying to figure out a way to be clear without listing every one of Apple’s current operating systems, along with High Sierra.

There’s only one fix listed, and 13.5 just came out, so I’d be surprised.

Hah! That would be a Steve Jobs thing to do. Since Apple referenced a CVE entry, I assumed that the unc0ver team had submitted it, but there’s still no information revealed in the CVE.

I started the update on my iMac prior to my 1 hour morning walk. When I started work everything seemed normal until I tried to open Mail. Several seconds of the icon “hopping”, then freeze, then reboot. This process repeated over and over, so I had to use the recovery option to reinstall macOS 10.15.5. It’s working now, but will not try to update again until I have a bootable backup. Next try will be using the combo update, which I should have done this time. So far no issues with iOS.

Oh, foo. Now you’re just being silly. Obviously it means current operating systems.

And you forgot A/UX.

Yes. Apple changed it in Mojave.