July 5, 2020

Volume X, Number 187

July 03, 2020

Subscribe to Latest Legal News and Analysis

Privacy Tip #240 – Update iPhone OS as Soon as Possible for Jailbreak Zero-Day Vulnerability

We have urged readers in the past to pay attention to the pushes received from mobile phone manufacturers to update operating systems. Although the pushes claim that new features are included, there are also patches included to plug known vulnerabilities. If you keep pushing “later,” and you don’t update as soon as possible, those vulnerabilities continue to subject you to risk until they are patched.

This week, it was reported by ZDNet that hackers have successfully exploited a zero-day vulnerability in the iOS, for which Apple has indicated it will release a patch in the next few days. A zero-day vulnerability means that it can be exploited before the manufacturer has released a patch. The last time an iOS zero-day vulnerability was successfully released was in 2014. In the past, Apple has been able to release a patch for known vulnerabilities within one day.

The zero-day vulnerability, released by UncOver, version 5.0.0 of a jailbreak package, allows users access and full control over the device, even if they are running the most recent iOS, v. 13.5.

It is always important to update your iOS (or any other Operating System) as soon as the manufacturer sends you notification, but in this case, it is especially important for iPhone users to update the iOS when notified by Apple because of this known vulnerability. Once you receive the notification, plug in your phone and run the patch. Don’t be tempted to hit “later.”

Copyright © 2020 Robinson & Cole LLP. All rights reserved.National Law Review, Volume X, Number 149


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...