Apple acknowledges evad3r jailbreakers found 4 of 6 exploits fixed with iOS 6.1.3

Posted:
in General Discussion edited January 2014
Taking a closer look at the security release notes for Apple's latest iOS 6.1.3 update, it was discovered that the tech giant gave credit to the hackers behind the popular evasi0n jailbreak for finding four of six patched exploits.

Evasi0n


As noted by The Next Web, the security note that came along with Tuesday's iOS 6.1.3 release credited evad3rs with unearthing four of the six flaws fixed by update.

Evad3rs leveraged some of the exploits to create the evasi0n jailbreak, which allowed iPhone 5 and iPad mini owners to "liberate" their devices. The untethered app was downloaded seven million times in its first four days of availability, leveraging exploits within iOS to grant users greater control over system-level functions usually reserved for first-party apps.

The newest iOS 6.1.3 reportedly breaks evasi0n, as reported in February when a beta version of the update was found to patch the exploits used for the jailbreak, but co-creator David Wang said there may be enough remaining flaws in the operating system to create an entirely new liberation tool.

The exploits discovered by evad3rs:
CVE-2013-0977

dyld

Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of
Mach-O executable files with overlapping segments. This issue was
addressed by refusing to load an executable with overlapping
segments.

CVE-2013-0978

Kernel

Impact: A local user may be able to determine the address of
structures in the kernel
Description: An information disclosure issue existed in the ARM
prefetch abort handler. This issue was addressed by panicking if the
prefetch abort handler is not being called from an abort context.

CVE-2013-0979

Lockdown

Impact: A local user may be able to change permissions on arbitrary
files
Description: When restoring from backup, lockdownd changed
permissions on certain files even if the path to the file included a
symbolic link. This issue was addressed by not changing permissions
on any file with a symlink in its path.

CVE-2013-0981

USB

Impact: A local user may be able to execute arbitrary code in the
kernel

Description: The IOUSBDeviceFamily driver used pipe object pointers
that came from userspace. This issue was addressed by performing
additional validation of pipe object pointers.
A security flaw that allowed for the bypassing of an iPhone's lock screen, which turned out to be a logic issue in handling emergency calls, was found by Christopher Heffley of theMedium.ca, while a WebKit bug was discovered by Nils and Jon from MWR Labs working with HP TippingPoint's Zero Day Initiative.
«13

Comments

  • Reply 1 of 43
    solipsismxsolipsismx Posts: 19,566member
    How dare Apple close holes in their code¡
  • Reply 2 of 43


    I wonder if Apple credited evad3rs as a slap to their face after dissecting the EvasiOn jailbreak. I can't see evad3rs being all proud of Apple giving them credit for the fix.

  • Reply 3 of 43
    mazda 3smazda 3s Posts: 1,613member

    Quote:

    Originally Posted by GadgetCanada View Post


    I wonder if Apple credited evad3rs as a slap to their face after dissecting the EvasiOn jailbreak. I can't see evad3rs being all proud of Apple giving them credit for the fix.



     


    I'm not sure I follow your logic. Apple's OS was exploited; why would evad3rs feel that they got slapped in the face? evad3rs dissected iOS 6.x with no help from Apple, while Apple had all the help in the world in the form of the jailbreak and a play-by-play to see how the jailbreak was accomplished.


     


    http://www.forbes.com/sites/andygreenberg/2013/02/05/inside-evasi0n-the-most-elaborate-jailbreak-to-ever-hack-your-iphone/

  • Reply 4 of 43
    auxioauxio Posts: 2,717member


    Seems like OS X could potentially be susceptible to a couple of these exploits as well (the dyld and USB ones).

  • Reply 5 of 43


    Not if the tweets from Musclenerd are anything to go by. 


     


    https://twitter.com/MuscleNerd/status/314073229268496384


     


    Apple is still signing 6.1.2 for now but I'd save blobs asap.

  • Reply 6 of 43

    Quote:

    Originally Posted by Mazda 3s View Post


     


    I'm not sure I follow your logic. Apple's OS was exploited; why would evad3rs feel that they got slapped in the face?



     


    Apple giving them credit for the fix I think is a slap to the face. That would be like me stealing your girlfriend and giving you the credit for introducing us at our wedding.

  • Reply 7 of 43
    solipsismxsolipsismx Posts: 19,566member
    <span style="color:rgb(54,54,54);font-family:'Helvetica Neue', Tahoma, Helvetica, Arial, sans-serif;font-size:14px;line-height:19px;">I wonder if Apple credited evad3rs as a slap to their face after dissecting the EvasiOn jailbreak. I can't see evad3rs being all proud of Apple giving them credit for the fix.</span>

    That's a good question. I would imagine it depending on the individual hacker.

    I am personally happy to see Apple finally give these frontiersmen some credit for finding flaws in their code. There was a time they not only ignored them but also ignored the holes they found.

    Perhaps it's a new double-edged strategy to prevent jailbreaking from being too popular as they surely won't win to keep it from being illegal. If they make it widely known they will close any holes that are used for the jailbreaking community those willing to give out their exploits freely may dwindle and what is given out will just make iOS stronger in the long run.
  • Reply 8 of 43
    mazda 3smazda 3s Posts: 1,613member

    Quote:

    Originally Posted by GadgetCanada View Post


     


    Apple giving them credit for the fix I think is a slap to the face. That would be like me stealing your girlfriend and giving you the credit for introducing us at our wedding.



    As Chris posted above, I don't think they see it that way.


     


    Bottom line, Apple is the only one that really get "punked" in all of this. The hackers do this stuff in their free time knowing full well that their software will eventually be "shut down"; and they provide their services for free. They will just move on to the next exploit, as they always do. 

  • Reply 9 of 43
    lightknightlightknight Posts: 2,312member
    AT&T, that's the way to behave. Take notes please.

    41 years of prison --> wrong behavior.
    Giving credits and fixing the flaw --> correct behavior.


    Should be simple enough to remember.
  • Reply 10 of 43
    lightknightlightknight Posts: 2,312member

    Quote:

    Originally Posted by Mazda 3s View Post


    As Chris posted above, I don't think they see it that way.


     


    Bottom line, Apple is the only one that really get "punked" in all of this. The hackers do this stuff in their free time knowing full well that their software will eventually be "shut down"; and they provide their services for free. They will just move on to the next exploit, as they always do. 





    Apple gets free security analyses, which means that these holes that would anyway have been found by black hats (think Mafia, Russia, Chinese, secret services etc) are one risk less for everyone...


     


    Bottom line, Apple has class, style and flair.

  • Reply 11 of 43
    cash907cash907 Posts: 893member

    Quote:

    Originally Posted by chriscaskey View Post


    Not if the tweets from Musclenerd are anything to go by. 


     


    https://twitter.com/MuscleNerd/status/314073229268496384


     


    Apple is still signing 6.1.2 for now but I'd save blobs asap.



     


    Done for all my devices. The only reason I jailbreak is for SBSettings, because I love having screen brightness, Airplane mode, Wifi and BT toggle among other things just a simple swipe away. If Apple would just copy that functionality instead of making me go through layers of settings menus, I'd be one happy user.

  • Reply 12 of 43
    melgrossmelgross Posts: 33,510member
    Apple giving them credit for the fix I think is a slap to the face. That would be like me stealing your girlfriend and giving you the credit for introducing us at our wedding.

    No it would be more like you kidnapping my underage daughter and texting me about it, and I then came and took her away, but didn't report you to the police since she was unharmed.
  • Reply 13 of 43
    gazoobeegazoobee Posts: 3,754member

    Quote:

    Originally Posted by GadgetCanada View Post


     


    Apple giving them credit for the fix I think is a slap to the face. That would be like me stealing your girlfriend and giving you the credit for introducing us at our wedding.



     


    This is just childish nonsense.  "Credit" can never be a slap in the face.  It's credit.  It's an accolade, a praising, a giving of due honour for a job well done.  Only a immature fool would take it as a negative.  


     


    Your example is a bit off as well.  If someone is getting married to your "girlfriend," that's not an insult either and she wasn't "stolen" from you. In the first case, if she liked you to the same degree it would be you getting married, and in the second case a girlfriend isn't "property" anyway.  image

  • Reply 14 of 43
    MarvinMarvin Posts: 15,309moderator
    gazoobee wrote: »
    This is just childish nonsense.  "Credit" can never be a slap in the face.  It's credit.  It's an accolade, a praising, a giving of due honour for a job well done.  Only a immature fool would take it as a negative.

    There is an issue in the jailbreak community though where they have a limited number of exploits. If they run out, there's no more jailbreak. Sometimes jailbreak teams put each other down for releasing exploits too early as they are fixed too soon.

    I don't think there's any reason to assume Apple is issuing a slap in the face on purpose but at the same time, I don't think the jailbreak teams find these exploits to help Apple's security so the credit is given contrary to why they find them, which I'd guess is why some people assume it's a slap in the face.

    It's like they are saying, 'thanks to evad3rs for showing us all the exploits you were using to jailbreak our devices, now we can stop you doing it'.

    It's all just a cat and mouse game anyway, the people who are into doing it know how to downgrade their devices. It's better for users that serious exploits are patched.
  • Reply 15 of 43
    charlitunacharlituna Posts: 7,217member

    Quote:

    Originally Posted by lightknight View Post



    AT&T, that's the way to behave. Take notes please.



    41 years of prison --> wrong behavior.

    Giving credits and fixing the flaw --> correct behavior.





    Should be simple enough to remember.


     


    And what do the 114k folks that had their emails potentially sold to spammers get? He didn't need to harvest that many email addresses to make his point and he certainly didn't have to threaten to sell them etc

  • Reply 16 of 43

    Quote:

    Originally Posted by Gazoobee View Post


     


    This is just childish nonsense.  "Credit" can never be a slap in the face.  It's credit.  It's an accolade, a praising, a giving of due honour for a job well done.  Only a immature fool would take it as a negative.  


     


    Your example is a bit off as well.  If someone is getting married to your "girlfriend," that's not an insult either and she wasn't "stolen" from you. In the first case, if she liked you to the same degree it would be you getting married, and in the second case a girlfriend isn't "property" anyway.  image



     


    Ok fine, if my example makes you think I believe girlfriends are "property" (/roll of eyes), try this. Apple's basketball team had their playbook stolen from them by the Evad3rs basketball team. The Evad3rs studied the playbook and came up with set plays to counter Apples plays. Apple changes their playbook before the game and beats the Evad3rs. After the win, the Apple coach gives credit to Evad3rs by letting Apple know to change their playbook. I don't believe the Evad3rs submitted a bug report to Apple telling them about these exploits. Apple giving them credit for the fix is a slap to their face. It's not an accolade in this case because it is defeating the Evad3rs purpose. Take it easy on the name calling "Childish nonsense", "Only a immature fool would take it as a negative", you made me cry.

  • Reply 17 of 43
    mazda 3smazda 3s Posts: 1,613member

    Quote:

    Originally Posted by GadgetCanada View Post


     


    Ok fine, if my example makes you think I believe girlfriends are "property" (/roll of eyes), try this. Apple's basketball team had their playbook stolen from them by the Evad3rs basketball team. The Evad3rs studied the playbook and came up with set plays to counter Apples plays. Apple changes their playbook before the game and beats the Evad3rs. After the win, the Apple coach gives credit to Evad3rs by letting Apple know to change their playbook. I don't believe the Evad3rs submitted a bug report to Apple telling them about these exploits. Apple giving them credit for the fix is a slap to their face. It's not an accolade in this case because it is defeating the Evad3rs purpose. Take it easy on the name calling "Childish nonsense", "Only a immature fool would take it as a negative", you made me cry.



     


    But you act as if Apple has somehow "won". The game is not over... this cycle repeats itself again and again and again. Apple releases new version of iOS, hackers crack it, Apple releases fix; rinse and repeat. Only this is the first time that the jailbreakers have ever been acknowledged by Apple for their hard work.


     


    I'd say that's pretty "cool" in their book.

  • Reply 18 of 43
    gtrgtr Posts: 3,231member
    Actually, this appears to be a very clever play by Apple.

    Let's face it. A lot of these groups partly do what they do because they like acknowledgement and recognition, otherwise why not release anonymously?

    Now these jailbreaking groups know that, if they find an exploit, they're going to get more recognition than they ever dreamed of.

    There is a very strong possibility that Apple just recruited a shitload of very skilled exploit finders, who will work for free to discover exploits, in the hope that their work becomes "published" in the next iOS update.

    Pretty God-damn clever.
  • Reply 19 of 43
    solipsismxsolipsismx Posts: 19,566member
    Ok fine, if my example makes you think I believe girlfriends are "property" (/roll of eyes), try this. Apple's basketball team had their playbook stolen from them by the Evad3rs basketball team. The Evad3rs studied the playbook and came up with set plays to counter Apples plays. Apple changes their playbook before the game and beats the Evad3rs. After the win, the Apple coach gives credit to Evad3rs by letting Apple know to change their playbook. I don't believe the Evad3rs submitted a bug report to Apple telling them about these exploits. Apple giving them credit for the fix is a slap to their face. It's not an accolade in this case because it is defeating the Evad3rs purpose. Take it easy on the name calling "Childish nonsense", "Only a immature fool would take it as a negative", you made me cry.

    I don't think that's an accurate analogy at all.

    It's more like, the opposing team studied Apple's plays (not their playbook as they don't have access to source code) and then constructed ways around Apple's plays. Apple has countered by changing up its game so those flawed plays can no longer be exploited.

    They don't have to issue a bug fix to Apple for Apple to know about it. They don't even need the source code of the jailbreak to see what its exploiting on the iDevice since it will be apparent with what the app is sending to the device.

    I really don't see why you think this is a slap in the face. It's like saying Happy Birthday to someone and having get offended because they think it means they look a year older.
  • Reply 20 of 43

    Quote:

    Originally Posted by GTR View Post



    Actually, this appears to be a very clever play by Apple.



    Let's face it. A lot of these groups partly do what they do because they like acknowledgement and recognition, otherwise why not release anonymously?



    Now, these jailbreaking groups know that, if they find an exploit, they're going to get more recognition than they ever dreamed of.



    There is a very strong possibility that Apple just recruited a shitload of very skilled exploit finders, who will work for free to discover exploits, in the hope that their work becomes "published" in the next iOS update.



    Pretty God damn clever.


     


    Except nobody knows who the Evad3rs are. Anybody could say on their resume that they were part of the Evad3rs team but no one would really know for sure. I guess it could make you feel warm inside for just knowing yourself.

Sign In or Register to comment.