You are using an outdated browser. Please upgrade your browser to improve your experience.

Apple Gives Credit To evad3rs Jailbreak Team For Majority Of Fixes In iOS 6.1.3

Earlier today, Apple released iOS 6.1.3 to the public. As stated in the software update's release notes, iOS 6.1.3 contains bug fixes and other improvements. Specifically, the update fixes a bug that could allow someone to bypass the passcode and access the Phone app. Also, it delivers improvements to Maps in Japan. The other fixes included in the update are detailed in a security note recently issued by Apple. And as pointed out by iOS hacker MuscleNerd, most of these fixes are credited to the evad3rs, the team responsible for the popular evasi0n iOS 6 jailbreak. Of the six fixes included in iOS 6.1.3, four are attributed by Apple to the evad3rs, of which MuscleNerd is a member. The other two fixes, one for the aforementioned passcode issue and the other for a crash issue concerning malicious websites, are ascribed to Christopher Heffley of theMedium.ca and Nils and Jon from MWR Labs, respectively. The four fixes credited to the evad3rs are explained by Apple as follows:
dyld Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to execute unsigned code Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed by refusing to load an executable with overlapping segments. CVE-ID CVE-2013-0977 : evad3rs Kernel Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to determine the address of structures in the kernel Description: An information disclosure issue existed in the ARM prefetch abort handler. This issue was addressed by panicking if the prefetch abort handler is not being called from an abort context. CVE-ID CVE-2013-0978 : evad3rs Lockdown Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to change permissions on arbitrary files Description: When restoring from backup, lockdownd changed permissions on certain files even if the path to the file included a symbolic link. This issue was addressed by not changing permissions on any file with a symlink in its path. CVE-ID CVE-2013-0979 : evad3rs USB Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code in the kernel Description: The IOUSBDeviceFamily driver used pipe object pointers that came from userspace. This issue was addressed by performing additional validation of pipe object pointers. CVE-ID CVE-2013-0981 : evad3rs
Incidentally, iOS 6.1.3 is the first software update since the release of evasi0n to patch one or more of the vulnerabilities used in the jailbreak. As advised by my colleague Dom, if your iDevice is on evasi0n, you may want to stay away from iOS 6.1.3. Via: The Next Web
Related Articles

Adobe CTO Kevin Lynch Abandons Adobe For Apple, Will Report To Bob Mansfield

Apple Releases iOS 6.1.3 To The Public With Lock Screen Bug Fix