Earlier today, Apple released iOS 6.1.3 to the public. As stated in the software update’s release notes, iOS 6.1.3 contains bug fixes and other improvements. Specifically, the update fixes a bug that could allow someone to bypass the passcode and access the Phone app. Also, it delivers improvements to Maps in Japan. The other fixes included in the update are detailed in a security note recently issued by Apple. And as pointed out by iOS hacker MuscleNerd, most of these fixes are credited to the evad3rs, the team responsible for the popular evasi0n iOS 6 jailbreak.

Of the six fixes included in iOS 6.1.3, four are attributed by Apple to the evad3rs, of which MuscleNerd is a member. The other two fixes, one for the aforementioned passcode issue and the other for a crash issue concerning malicious websites, are ascribed to Christopher Heffley of theMedium.ca and Nils and Jon from MWR Labs, respectively.

The four fixes credited to the evad3rs are explained by Apple as follows:

dyld
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed by refusing to load an executable with overlapping
segments.
CVE-ID
CVE-2013-0977 : evad3rs

Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to determine the address of
structures in the kernel
Description: An information disclosure issue existed in the ARM
prefetch abort handler. This issue was addressed by panicking if the prefetch abort handler is not being called from an abort context.
CVE-ID
CVE-2013-0978 : evad3rs

Lockdown
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to change permissions on arbitrary files
Description: When restoring from backup, lockdownd changed
permissions on certain files even if the path to the file included a symbolic link. This issue was addressed by not changing permissions on any file with a symlink in its path.
CVE-ID
CVE-2013-0979 : evad3rs

USB
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code in the kernel
Description: The IOUSBDeviceFamily driver used pipe object pointers that came from userspace. This issue was addressed by performing additional validation of pipe object pointers.
CVE-ID
CVE-2013-0981 : evad3rs

Incidentally, iOS 6.1.3 is the first software update since the release of evasi0n to patch one or more of the vulnerabilities used in the jailbreak. As advised by my colleague Dom, if your iDevice is on evasi0n, you may want to stay away from iOS 6.1.3.

Via: The Next Web