Apple Fixes 4 Security Flaws Used By Evasi0n in iOS 6.1.3


evasi0n-icon
Back in late February, the evad3rs dev team confirmed that Apple had fixed couple of vulnerabilities used by team in the evasi0n jailbreak in iOS 6.1.3 beta 2.
This means that the evasi0n jailbreak, the most popular jailbreak ever, will no longer work with iOS 6.1.3, which was just released to users couple of hours back to fix the Lock screen security flaw.
In February, David Wang aka planetbeing revealed that iOS 6.1.3 beta 2 had fixed at least two security vulnerabilities used by the evasi0n jailbreak.
However, MuscleNerd of the evad3rs has just shared a link to an email from Apple Product Security, which reveals that Apple has fixed six security flaws in iOS 6.1.3, of which four were used by the evasi0n jailbreak.
evasi0n was a combination of five different security flaws, most of them harmless individually, but together capable enough to jailbreak iOS 6.x.x.
Apple has given credit to the evad3rs dev team for finding these vulnerabilities:
dyld
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of
Mach-O executable files with overlapping segments. This issue was
addressed by refusing to load an executable with overlapping
segments.
CVE-ID
CVE-2013-0977 : evad3rs
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to determine the address of
structures in the kernel
Description: An information disclosure issue existed in the ARM
prefetch abort handler. This issue was addressed by panicking if the
prefetch abort handler is not being called from an abort context.
CVE-ID
CVE-2013-0978 : evad3rs
Lockdown
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to change permissions on arbitrary
files
Description: When restoring from backup, lockdownd changed
permissions on certain files even if the path to the file included a
symbolic link. This issue was addressed by not changing permissions
on any file with a symlink in its path.
CVE-ID
CVE-2013-0979 : evad3rs
USB
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code in the
kernel
Description: The IOUSBDeviceFamily driver used pipe object pointers
that came from userspace. This issue was addressed by performing
additional validation of pipe object pointers.
CVE-ID
CVE-2013-0981 : evad3rs
Wang has said that they have discovered enough bugs to nearly build a new iOS jailbreak if all the bugs they used in evasi0n are fixed.
We’ll have to wait and see what evad3rs have to say now that most of the vulnerabilities used in the evasi0n jailbreak have been fixed in iOS 6.1.3.
It goes without saying that jailbreakers should avoid upgrading to iOS 6.1.3 and be extremely careful while installing jailbreak tweaks.

0 comments:

Post a Comment