Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple acknowledges evad3r jailbreakers found 4 of 6 exploits fixed with iOS 6.1.3

Taking a closer look at the security release notes for Apple's latest iOS 6.1.3 update, it was discovered that the tech giant gave credit to the hackers behind the popular evasi0n jailbreak for finding four of six patched exploits.

As noted by The Next Web, the security note that came along with Tuesday's iOS 6.1.3 release credited evad3rs with unearthing four of the six flaws fixed by update.

Evad3rs leveraged some of the exploits to create the evasi0n jailbreak, which allowed iPhone 5 and iPad mini owners to "liberate" their devices. The untethered app was downloaded seven million times in its first four days of availability, leveraging exploits within iOS to grant users greater control over system-level functions usually reserved for first-party apps.

The newest iOS 6.1.3 reportedly breaks evasi0n, as reported in February when a beta version of the update was found to patch the exploits used for the jailbreak, but co-creator David Wang said there may be enough remaining flaws in the operating system to create an entirely new liberation tool.

The exploits discovered by evad3rs:

CVE-2013-0977

dyld

Impact: A local user may be able to execute unsigned code

Description: A state management issue existed in the handling of

Mach-O executable files with overlapping segments. This issue was

addressed by refusing to load an executable with overlapping

segments.

CVE-2013-0978

Kernel

Impact: A local user may be able to determine the address of

structures in the kernel

Description: An information disclosure issue existed in the ARM

prefetch abort handler. This issue was addressed by panicking if the

prefetch abort handler is not being called from an abort context.

CVE-2013-0979

Lockdown

Impact: A local user may be able to change permissions on arbitrary

files

Description: When restoring from backup, lockdownd changed

permissions on certain files even if the path to the file included a

symbolic link. This issue was addressed by not changing permissions

on any file with a symlink in its path.

CVE-2013-0981

USB

Impact: A local user may be able to execute arbitrary code in the

kernel

Description: The IOUSBDeviceFamily driver used pipe object pointers

that came from userspace. This issue was addressed by performing

additional validation of pipe object pointers.

A security flaw that allowed for the bypassing of an iPhone's lock screen, which turned out to be a logic issue in handling emergency calls, was found by Christopher Heffley of theMedium.ca, while a WebKit bug was discovered by Nils and Jon from MWR Labs working with HP TippingPoint's Zero Day Initiative.



43 Comments

🎄
gadgetcanada 12 Years · 423 comments

I wonder if Apple credited evad3rs as a slap to their face after dissecting the EvasiOn jailbreak. I can't see evad3rs being all proud of Apple giving them credit for the fix.

🎁
mazda 3s 16 Years · 1598 comments

Quote:
Originally Posted by GadgetCanada 

I wonder if Apple credited evad3rs as a slap to their face after dissecting the EvasiOn jailbreak. I can't see evad3rs being all proud of Apple giving them credit for the fix.

 

I'm not sure I follow your logic. Apple's OS was exploited; why would evad3rs feel that they got slapped in the face? evad3rs dissected iOS 6.x with no help from Apple, while Apple had all the help in the world in the form of the jailbreak and a play-by-play to see how the jailbreak was accomplished.

 

http://www.forbes.com/sites/andygreenberg/2013/02/05/inside-evasi0n-the-most-elaborate-jailbreak-to-ever-hack-your-iphone/

🌟
auxio 19 Years · 2766 comments

Seems like OS X could potentially be susceptible to a couple of these exploits as well (the dyld and USB ones).

chriscaskey 13 Years · 24 comments

Not if the tweets from Musclenerd are anything to go by. 

 

https://twitter.com/MuscleNerd/status/314073229268496384

 

Apple is still signing 6.1.2 for now but I'd save blobs asap.