Pangu Lab reported multiple iOS security vulnerabilities, officially acknowledged by Apple: "temporary unlocking" is an important cause of race condition vulnerabilities

Posted May 27, 2020 · 2 min read

Apple iOS/iPadOS 13.5

Technical Editor: Xu Jiu, reporting from the editorial department


Apple recently released the official version of iOS/iPadOS 13.5, which added mask detection to Face ID, COVID-19 close-contact tracing, and other features related to the COVID-19 pandemic, and also fixed some earlier system bugs.

However, the official release still appears to have had many security problems and vulnerabilities. On May 26, Apple published a document on its official website titled ["Security Report on iOS 13.5 and iPadOS 13.5"](https://support.apple.com/de-de/HT211168), detailing the security updates in iOS 13.5 and iPadOS 13.5.


According to Pangu Lab, which focuses on mobile Internet security, the team presented a talk titled "Attacking iPhone XS Max" at Black Hat USA last year. The talk described how to use a socket use-after-free (UAF) vulnerability, caused by a race condition in the Unix socket bind function, to jailbreak the iPhone XS Max, and concluded: "temporary unlocking" is an important cause of race condition vulnerabilities.

Building on this, Pangu Lab widened the scope of its research and analyzed other socket modules in the XNU kernel. Looking for the same pattern, it found more vulnerabilities of a similar kind, along with a range of other bug classes: out-of-bounds memory access, integer overflow, heap overflow, UAF, multiple frees, type confusion, and use of uninitialized variables. The team selected a dozen typical vulnerabilities from these and reported them to Apple in batches.
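The "temporary unlocking" pattern named in the talk's conclusion can be shown in a small user-space model. This is an added example, not code from Pangu Lab, Apple or XNU; every name in it (`toy_sock`, `toy_unbind`, `toy_op_unsafe`, `toy_op_checked`) is hypothetical, and the racing thread is simulated by a callback that runs inside the unlocked window so the outcome is deterministic.

```c
#include <pthread.h>
#include <stdio.h>

/* Toy model with hypothetical names; the name object is never really freed. */
struct toy_name { int live; };
struct toy_sock { pthread_mutex_t lock; struct toy_name *name; };
typedef void (*window_fn)(struct toy_sock *);
enum { OP_OK = 0, OP_RETRY = -1, OP_USED_RELEASED = 1 };

/* Concurrent path: releases the socket's name while holding the lock. */
void toy_unbind(struct toy_sock *s) {
    pthread_mutex_lock(&s->lock);
    if (s->name) { s->name->live = 0; s->name = NULL; }
    pthread_mutex_unlock(&s->lock);
}

/* Snapshot state, drop the lock for "slow work", retake it. Returns locked. */
static struct toy_name *snapshot_unlock_relock(struct toy_sock *s, window_fn racer) {
    pthread_mutex_lock(&s->lock);
    struct toy_name *cached = s->name;
    pthread_mutex_unlock(&s->lock);      /* the temporary unlock */
    if (racer) racer(s);                 /* stands in for another thread */
    pthread_mutex_lock(&s->lock);
    return cached;
}

/* Flawed: trusts the pre-unlock snapshot; live only instruments the stale use. */
int toy_op_unsafe(struct toy_sock *s, window_fn racer) {
    struct toy_name *cached = snapshot_unlock_relock(s, racer);
    int rc = (cached && cached->live) ? OP_OK : OP_USED_RELEASED;
    pthread_mutex_unlock(&s->lock);
    return rc;
}

/* Hardened: re-reads the field after relocking and retries on any change. */
int toy_op_checked(struct toy_sock *s, window_fn racer) {
    struct toy_name *cached = snapshot_unlock_relock(s, racer);
    int rc = (cached && s->name == cached && cached->live) ? OP_OK : OP_RETRY;
    pthread_mutex_unlock(&s->lock);
    return rc;
}

int demo(int checked, int with_racer) {
    struct toy_name n = { 1 };
    struct toy_sock s = { PTHREAD_MUTEX_INITIALIZER, &n };
    window_fn racer = with_racer ? toy_unbind : NULL;
    return checked ? toy_op_checked(&s, racer) : toy_op_unsafe(&s, racer);
}

int main(void) { printf("unsafe=%d checked=%d\n", demo(0, 1), demo(1, 1)); return 0; }
```

In real code the released object would be freed and possibly reallocated, so the hardened path usually also takes a reference before dropping the lock rather than relying on a pointer comparison alone.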

Six of these vulnerabilities have been fixed in the iOS 13.5 release.

6 vulnerabilities in iOS 13.5


Pangu Team

Pangu Team is a professional security research team made up of many senior security researchers. The team has found hundreds of security vulnerabilities in mainstream operating systems and core software products, and is known for releasing untethered iOS jailbreak tools many times in a row. It is the first team in China to independently achieve an untethered iOS jailbreak, and the first team in the world to achieve an untethered jailbreak for iOS 8 and iOS 9. The Pangu jailbreak tool has been downloaded tens of millions of times by users all over the world.

The team members are from top security companies at home and abroad, and have many years of experience in information security research and development. , NDSS, etc.) share research results.

Beyond iOS security research, the Pangu team has continued to recruit senior security researchers, established the Pangu Security Laboratory, and carried out extensive security research in the mobile Internet field. Its analysis has found a large number of potential security issues on the mobile Internet, and the team has produced a series of results and products in advanced defense technologies and solutions.
