Apple credits jailbreak team Evad3rs in iOS 6.1.3 security update

Fixes lock screen bypass and four flaws that were exploited in a popular jailbreak for iOS 6 devices.

On Tuesday Apple released iOS 6.1.3, which fixes six flaws, including four it credited iOS jailbreak developers “Evad3rs” with finding.

In early February, the four-man team of hackers behind Evad3rs released the latest jailbreak for iOS 6, using five exploits that allowed iPhone and iPad owners to jailbreak devices running Apple’s 28 January release of iOS 6.1.

Apple then released iOS 6.1.2 on February 19, but within a day Evad3rs released version 1.4 of the jailbreak, which added iOS 6.1.2 support.

The following week, Apple began testing an iOS 6.1.3 beta, which one of Evad3rs’ members, David Wang, noticed had patched one of the five bugs Evad3rs used in its jailbreak.

Wang told Forbes that Evad3rs could simply replace the bug that Apple had discovered with one of the others at its disposal, but guessed that Apple would fix “most if not all” of the bugs it used.

Evad3rs’ iOS 6 jailbreak lasted around six weeks and was downloaded by millions of iPhone and iPad owners.

Apple’s product security mailing list update gives a more detailed account of the patched flaws than the standard notice users see when updating to iOS 6.1.3. The standard message only mentions fixing “a bug that could allow someone to bypass the passcode and access the Phone app”, which in January allowed a person with physical access to bypass the lock.

“This issue was addressed through improved lock state management,” Apple noted in the mailing list.

The four flaws attributed to evad3rs in the mailing list update are:

dyld
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed by refusing to load an executable with overlapping segments.
CVE-ID CVE-2013-0977 : evad3rs

Kernel
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to determine the address of structures in the kernel
Description: An information disclosure issue existed in the ARM prefetch abort handler. This issue was addressed by panicking if the prefetch abort handler is not being called from an abort context.
CVE-ID CVE-2013-0978 : evad3rs

Lockdown
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to change permissions on arbitrary files
Description: When restoring from backup, lockdownd changed permissions on certain files even if the path to the file included a symbolic link. This issue was addressed by not changing permissions on any file with a symlink in its path.
CVE-ID CVE-2013-0979 : evad3rs

USB
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code in the kernel
Description: The IOUSBDeviceFamily driver used pipe object pointers that came from userspace. This issue was addressed by performing additional validation of pipe object pointers.
CVE-ID CVE-2013-0981 : evad3rs
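
The Lockdown fix described above (no permission change on any file with a symlink in its path) can be shown in a few lines of C. This is an added example, not Apple's or lockdownd's code; the helper name `chmod_no_symlink` and the temporary sample tree are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not lockdownd's code: change the mode of `path` only
 * if no component of it is a symbolic link. Returns 0 on success, -1 on
 * refusal or error. */
int chmod_no_symlink(const char *path, mode_t mode)
{
    char buf[PATH_MAX];
    if (path[0] == '\0' || strlen(path) >= sizeof buf) return -1;
    strcpy(buf, path);
    /* Walk from "/" (absolute path) or the current directory (relative). */
    int cur = open(buf[0] == '/' ? "/" : ".", O_RDONLY | O_DIRECTORY);
    char *save = NULL, *comp = strtok_r(buf, "/", &save);
    while (cur >= 0 && comp != NULL) {
        char *next = strtok_r(NULL, "/", &save);
        /* O_NOFOLLOW makes the open fail if this component is a symlink;
         * every component except the last must also be a directory. */
        int fd = openat(cur, comp, O_RDONLY | O_NOFOLLOW | O_NONBLOCK |
                                   (next ? O_DIRECTORY : 0));
        close(cur);
        cur = fd;
        comp = next;
    }
    if (cur < 0) return -1;
    /* fchmod acts on the object that was opened, so swapping a path
     * component after the walk cannot redirect the change. */
    int rc = fchmod(cur, mode);
    close(cur);
    return rc;
}

/* Constructed demo tree: real/f, plus a symlink link -> real. */
int main(void)
{
    char dir[] = "/tmp/nosymXXXXXX";
    if (!mkdtemp(dir) || chdir(dir) != 0 || mkdir("real", 0700) != 0) return 1;
    int fd = open("real/f", O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || symlink("real", "link") != 0) return 1;
    close(fd);
    printf("real/f -> %d\n", chmod_no_symlink("real/f", 0640));
    printf("link/f -> %d\n", chmod_no_symlink("link/f", 0666));
    return 0;
}
```

A plain `chmod("link/f", ...)` would follow the link and change `real/f`; the component-by-component walk refuses instead.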

Another flaw concerns a WebKit vulnerability found by the two MWR Labs researchers known as “Nils and Jon” who took out top prize in the recent CanSecWest Pwn2Own for a Chrome bug and one in the Windows kernel.

WebKit
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: An invalid cast issue existed in the handling of SVG files. This issue was addressed through improved type checking.
CVE-ID CVE-2013-0912 : Nils and Jon from MWR Labs working with HP TippingPoint's Zero Day Initiative.

Stories by Liam Tung

Latest Videos

More videos

Blog Posts