Tuesday, March 11, 2014

Evad3rs Urge Jailbreakers to Avoid iOS 7.1 While Apple Credits Evad3rs for Revealing Security Flaws

Following the recent iOS 7.1 release, Apple credits the evad3rs Dream Team and other prominent members of the jailbreak community in its latest support document pertaining to iOS 7.1 security improvements.
Apple has taken this opportunity to thank Google and several others who were instrumental in reporting security issues and bugs that helped in the development of key security fixes in iOS 7.1.
Consequently, the evad3rs have been credited with identifying four key security flaws in iOS 7.1 including a bug which enables maliciously crafted backup to alter the iOS filesystem.
The second pertains to a crash reporting issue that could compromise security on arbitrary files by enabling a local user to modify permissions.
The other two concern a kernel issue including a bug that enables any attacker to bypass code signing requirements, besides activating arbitrary code execution within the kernel.
Filippo Bigarella of Springtomise 3 fame and the renowned iOS hacker Stefan Esser (aka i0n1c) also feature in Apple's credit list for their invaluable contributions towards enhancing security in iOS 7.1.
Filippo has been recognised for his work with an exploit that uses a malicious app for abrupt system termination, while Stefan won the credits for reporting a dangerous bug that enables any hacker to perform man-in-the-middle attack that allures the user into downloading the malicious app via Enterprise App download.
Stefan is also credited with developing an untethered exploit for popular jailbreaks used with iOS 4.3.1 and iOS 4.3.2.
Several groups such as Google, FireEye, M-sec and other companies have also been credited by Apple for their aid in helping the company patch up numerous security flaws in iOS 7.1. Some of the noteworthy ones include bugs related to Backup, the Certificate Trust Policy, Configuration Profiles, CoreCapture, Crash Reporting, dyld, FaceTime, ImageIO, IOKit HID Event, iTunes Store, Kernel, Office Viewer, Photos Backend, Profiles, Safari, Settings, SpringBoard, SpringBoard Lock Screen, the TelephonyUI Framework, USB Host, Video Driver and WebKit.
In related news, the Evad3rs have urged the jailbreak community to stay away from iOS 7.1 until further notice, as the new iOS update reportedly fixes key exploits used in the evasi0n7 jailbreak. Furthermore, pod2g has clarified that the evad3rs are unlikely to work on iOS 7.1 jailbreak, owing to critical time constraints
Here is what pod2g recently told idigitaltimes:
"For iOS 7.1, I don't know ... there is a big chance the evad3rs won't focus on it as a team ... expect that for iOS 8 :)

No comments:

Post a Comment