Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Mac News > Apple credits Evad3rs team for holes plugged in iOS 6.1.3

Apple credits Evad3rs team for holes plugged in iOS 6.1.3
Thread Tools
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Mar 19, 2013, 09:48 PM
 
In closing six potential exploits in the security-oriented iOS 6.1.3 update released earlier today -- and simultaneously breaking compatibility with the evasi0n jailbreak -- Apple has acknowledged the contributions of the Evad3rs team behind the jailbreak with finding four of the six flaws that, in the wrong hands, could have lead to an increased risk of malware rather than just a path to unofficial apps and customizing. Though the jailbreak hack no longer works, the team suggest that other flaws still exist.

Though jailbreaking itself is not illegal, Apple has a vested interest in discouraging the practice, as it requires hackers to find exploits in iOS that can be used to inject potentially-dangerous (and often unstable) new system code. On the other hand, the hackers -- who do the tedious research to find the exploits for free in order to further their jailbreaking aims -- are not generally malicious, and ironically help the company uncover and fix flaws that could have otherwise been found and exploited by those intent on stealing data or compromising device security.

Though Apple will continue to close exploits as it finds them and thus play a cat-and-mouse game with exploit researchers, the acknowledgement in the security notes on iOS 6.1.3 shows the company is willing to credit those who help it close potentially-dangerous flaws -- even if Apple doesn't fully approve of what they're unofficial nature. The iPhone maker has also taken to hiring security researchers behind iOS hacks as consultants to help harden iOS for enterprise use and general security improvements.

The Evasi0n jailbreak proved exceptionally popular among iPhone users, having been downloaded millions of times during the first week of availability. While most jailbreakers simply want to customize their system more than Apple permits or take advantage of a specific feature -- such as unofficial tethering -- not allowed in App Store-approved apps, some do use the jailbreak process to attempt to download pirated copies of paid apps, which also introduces a high risk of malware or even viruses that could leverage the compromised codebase. Apple must walk a line that keeps researchers interested in helping the company find and close flaws, while still taking steps to discourage abuse of jailbreaking due to security and app piracy concerns.

The other two exploits patched by Apple covered a complex but reproducible method of bypassing the iOS lock screen by taking advantage of a flaw in the way the iPhone handles emergency calls, and a WebKit bug in Mobile Safari. These were credited to a Canadian researcher and a team working with HP TippingPoint's Zero Day Initiative, respectively. One of the Evad3rs team, David Wang, is quoted by AppleInsider as saying there may be enough remaining flaws discovered by the team to make a new version of the evasi0n jailbreak possible, but could not commit to anything for certain.


( Last edited by NewsPoster; Mar 19, 2013 at 09:54 PM. )
     
Junior Member
Join Date: Mar 2008
Status: Offline
Reply With Quote
Mar 20, 2013, 01:40 AM
 
That they are actually credited.
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -4. The time now is 09:38 AM.
All contents of these forums © 1995-2015 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2015, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2