Wednesday, March 20, 2013

Apple credits evasi0n jailbreakers in iOS 6.1.3 update notes

The evasi0n untethered jailbreak wasn't able to evade the fixed exploits in this week's iOS 6.1.3 update, but at least Apple is giving the hacking team a tip o' the hat.

A security note released by the company acknowledges the evad3rs team for being the first to discover four of the six vulnerabilities that were patched in iOS 6.1.3.

"It's kind of fun to see our online aliases, which tend to be pretty whimsical, listed alongside more staid names," David Wang, evasi0n creator, told TechRadar.

As one of the four evad3rs hackers who took advantage of iOS bugs to create a way for users to install non-Apple-approved software, Wang noted that this is "not the first time Apple has named jailbreakers in their release notes for security fixes."

iOS 6.1.3 jailbreak

The evasi0n untethered jailbreak team is credited in the Apple document for being the first to come across the dyld, Kernel, Lockdown and USB vulnerabilities.

The two other vulnerabilities patched in iOS 6.1.3 are in WebKit and Passcode Lock, the latter being a bug that allowed someone to bypass the four-digit passcode screen without entering numbers.

According to Wang, the evad3rs team isn't working on an iOS 6.1.3 jailbreak just yet. That decision will come about when the team regroups, probably in April when they're face-to-face.

"We are not doing any more work immediately," Wang said.

"But likely when we get back together in person in Amsterdam for the Hack in the Box conference in a couple of weeks, we'll more closely examine the situation."

Untethered 'jailbreakers stay away'

Now that iOS 6.1.3 is available to download, faithful users of the untethered jailbreak should avoid updating to the new version of the mobile operating system.

"iOS 6.1.3 is out. Jailbreakers stay away! There's no coming back to 6.1.2 JB even if you saved blobs (except iPhone 4 and ipt4g)," exclaimed another evad3rs hacker, MuscleNerd, in a tweet.

The evasi0n jailbreak was significant because it was the first legitimate untethered jailbreak for iOS 6.1 and 6.1.2, and the first to work with newer devices like the iPhone 5, iPad 4, and iPad mini.

It was downloaded 270,000 times in the first few hours and made its way to about 18 million Apple devices in the past six weeks, according to Forbes.

There is good news for those searching for an untethered jailbreak for iOS 6.1.3.

Wang has previously stated that the evad3rs team has found other bugs in the iOS platform and could create an entirely new jailbreak based on those.

iOS 6.1.4 to really fix the lockscreen?

Wang and his team may want to wait for iOS 6.1.4, however, as another major security vulnerability has already been discovered in iOS 6.1.3.

The aforementioned Passcode Lock glitch, while fixed in one way, can still leave iPhone users vulnerable in another, reports BGR.

An iPhone's voice command feature can be used to dial a number and subsequently access a device's address book and photos, even when the passcode screen has been activated.

This requires ejecting the SIM card while the phone is dialing, which ends the call, but ultimately gives the unauthorized user access to the address book and photos.

BGR notes that this was tested on an iPhone 4 running the new iOS 6.1.3 update.

TechRadar contacted Apple to see if a fix for this new Lockscreen issue is being prepared for iOS 6.1.4, and will update this story when the company responds.
