Apple’s (NASDAQ:AAPL) latest iOS 7.1 firmware update patched
evasi0n7, the untethered jailbreak tool that was released to jailbreak
devices running on iOS 7, while the company also gave credit to evad3rs
-- the jailbreakers’ team that created evasi0n7 -- for some significant
security changes introduced in iOS 7.1.
release of the iOS 7.1
on Monday, reports began appearing on the Internet claiming that the
latest iOS version has killed all the exploits that were used by the
hackers to develop evasi0n7 to perform an untethered jailbreak on iOS 7
devices. According to the reports, jailbreak users should not update
their devices to the new iOS 7.1 if they want to keep their jailbreak
unharmed.
MuscleNerd, a renowned iOS hacker and jailbreak developer, also recommended the same for his followers on Twitter.
Currently, there is no indication from evad3rs that evasi0n7 will be updated to support iOS 7.1.
Meanwhile, Apple has updated the support web page on its website with a newly created document, which describes multiple iOS 7.1 security changes and improvements. In the document, the company gave credit to evad3rs members for reporting issues and helping Apple implement four key changes to the iOS 7.1 firmware.
The first improvement deals with a bug, which allowed a maliciously crafted backup to alter the iOS file system in devices, including the iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later.
The second security change was related to a crash-reporting issue, which could allow a local user to change permissions on arbitrary files on the affected devices.
The third security concern dealt with a kernel issue that could allow for an unexpected system termination or arbitrary code execution in the kernel itself, which goes into the making of jailbreaks. Here is how Apple described the issue:
In addition, Apple also credited Stefan Esser, another iOS hacker, for a bug that could enable an attacker to entice a user into downloading a malicious app via Enterprise App Download.
Apple has thanked iOS hackers for their exploits in the past as well. In 2012, the company gave credit to the iOS Jailbreak Dream Team for discovering a kernel exploit that was patched in iOS 5.1. After the release of iOS 6.1.3 in March 2013, Apple thanked evad3rs for helping it fix four bugs, iDownloadBlog reported.
Following the MuscleNerd, a renowned iOS hacker and jailbreak developer, also recommended the same for his followers on Twitter.
Currently, there is no indication from evad3rs that evasi0n7 will be updated to support iOS 7.1.
Meanwhile, Apple has updated the support web page on its website with a newly created document, which describes multiple iOS 7.1 security changes and improvements. In the document, the company gave credit to evad3rs members for reporting issues and helping Apple implement four key changes to the iOS 7.1 firmware.
The first improvement deals with a bug, which allowed a maliciously crafted backup to alter the iOS file system in devices, including the iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later.
The second security change was related to a crash-reporting issue, which could allow a local user to change permissions on arbitrary files on the affected devices.
The third security concern dealt with a kernel issue that could allow for an unexpected system termination or arbitrary code execution in the kernel itself, which goes into the making of jailbreaks. Here is how Apple described the issue:
An out of bounds memory access issue existed in the ARM ptmx_get_ioctl function. This issue was addressed through improved bounds checking.The remaining security issue was related to a bug, which could enable an unauthorized user to bypass code-signing requirements on the affected devices.
In addition, Apple also credited Stefan Esser, another iOS hacker, for a bug that could enable an attacker to entice a user into downloading a malicious app via Enterprise App Download.
Apple has thanked iOS hackers for their exploits in the past as well. In 2012, the company gave credit to the iOS Jailbreak Dream Team for discovering a kernel exploit that was patched in iOS 5.1. After the release of iOS 6.1.3 in March 2013, Apple thanked evad3rs for helping it fix four bugs, iDownloadBlog reported.
No comments:
Post a Comment