November 23, 2024
Apple Credit Evad3rs on Four Security Fixes in iOS 6.1.3

Apple Credit Evad3rs on Four Security Fixes in iOS 6.1.3

Posted March 19, 2013 at 6:33pm by iClarified
Apple has acknowledged the evad3rs for discovery of four of the six security issues fixed in iOS 6.1.3, notes MuscleNerd.

Apple gives hat tip to @evad3rs for 4 of the 6 security fixes in 6.1.3 :) http://is.gd/nfspim

dyld
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed by refusing to load an executable with overlapping segments.
CVE-ID : CVE-2013-0977 : evad3rs


Kernel
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to determine the address of structures in the kernel
Description: An information disclosure issue existed in the ARM prefetch abort handler. This issue was addressed by panicking if the prefetch abort handler is not being called from an abort context.
CVE-ID : CVE-2013-0978 : evad3rs

Lockdown
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to change permissions on arbitrary files
Description: When restoring from backup, lockdownd changed permissions on certain files even if the path to the file included a symbolic link. This issue was addressed by not changing permissions on any file with a symlink in its path.
CVE-ID : CVE-2013-0979 : evad3rs

USB
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code in the kernel
Description: The IOUSBDeviceFamily driver used pipe object pointers that came from userspace. This issue was addressed by performing additional validation of pipe object pointers.
CVE-ID : CVE-2013-0981 : evad3rs

Read More



Apple Credit Evad3rs on Four Security Fixes in iOS 6.1.3
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (21)
You must login or register to add a comment...
DiRNiS
DiRNiS - March 20, 2013 at 8:22pm
No one cares what you will do or buy.
toppdogg93
toppdogg93 - March 20, 2013 at 1:38pm
gotta have the tweaks thts how it was apps on cydia way before apple
Ecko
Ecko - March 20, 2013 at 12:59pm
I seriously hope they stay Evad3rs and dont get bought out. It's time "The Good Side" had some help to do whatever we want with the stuff we the AP pay our hard earned cash for.
Culua
Culua - March 20, 2013 at 5:39pm
Men can easily be corrupted with money. Money = power. I told myself thst too but, money can get to you.
archbishop
archbishop - March 20, 2013 at 9:00am
Does APPLE pay ANY money to Evad3rs for the iOS system security holes??? Just small amount... fe. 5ook EUR?
1
Gill
Gill - March 20, 2013 at 4:22am
Sounds like Apple's way of giving Evaders a big FU! Bottom line, cydia tweaks makes this phone better than android. If i didnt have cydia tweaks....id be on an android. Simple.
Chipsahoy
Chipsahoy - March 20, 2013 at 12:58am
Like that even matters the update isn't worth updating anyway !!! Jailbreaks are the only reason it's worth having a iDevice .... If we can put up with occasionally have a springboard crash why the think we care about a update ????
Adcpolo
Adcpolo - March 19, 2013 at 11:58pm
You must live on uranus..
Craig Los Angeles
Craig Los Angeles - March 20, 2013 at 12:28am
Ismael, There's a lot of dots in there. Is this code? Could. you post. your phone. just in case. of. emergency? We may need your help. ("We", the people who just have to wait for the next jailbreak)
Craig Los Angeles
Craig Los Angeles - March 20, 2013 at 12:28am
Ismael, There's a lot of dots in there. Is this code? Could. you post. your phone. just in case. of. emergency? We may need your help. ("We", the people who just have to wait for the next jailbreak)
chmak
chmak - March 19, 2013 at 8:58pm
Jailbreak uses security holes to allow "unsigned code" to run. An unsigned code means that the code is not checked in Apple side and the code can be run in system level. If you can run a code in "system" or "root" level, basically its like you are allowing people to enter in your house and do whatever they want. You don't want a stranger in your house. Fortunately, Evad3rs used them as good purposes. However, if some bad hacker used them, they can implement a script that allows any kind of information, such as passwords or credit card information inside the phone to be sent to the hacker.
Homer
Homer - March 19, 2013 at 11:28pm
Thats why I have a home insurance,actually I want some1 to come to my house and steal my stuff.
odedoo1
odedoo1 - March 20, 2013 at 4:00am
that's why jail-braking makes your device safer, the jailbreak program closes the security holes.
Joemama
Joemama - March 19, 2013 at 8:32pm
Why is apple so hell-bent on crushing jailbreaks? I mean there are people who jailbreak not only to download free apps but to customize their iDevices... I mean I used to be a hardcore jailbreaker, but I just gave up with all the stupid updates... I still maintain a jailbreak on my iPad but that's only because apps are typically a lot more expensive on the iPad than on the iPhone.. But I don't get the hostility towards jailbreakers when that's, a lot of the time, why people buy iDevices versus Android products in general.
jimbodc
jimbodc - March 20, 2013 at 4:24am
Joemama, I have exactly the same sentiments. Most if not all of my apps are legally acquired. I download pirated apps to test if no trial period is available. If the day come Apple finally closed all exploits for jailbreak, I will not have second thought on switching to Android gadgets.
Brian
Brian - March 19, 2013 at 7:43pm
The reason they are patching these holes is because although Evaders use it for good. Anyone can look to what the Evaders did (like Apple did) and use it for other things. Apple is simply trying to prevent bad people from doing bad things. Hats off to Apple for fixing holes. Hats off to Evaders for finding more and making my life better.
iH85CH001
iH85CH001 - March 19, 2013 at 8:08pm
Yes, but they should let it go until there is a real problem. Then they should worry about it. until then, they should just let us have our freedom...
Brian
Brian - March 19, 2013 at 8:20pm
You obviously have no security background. Google search Zero Day and that will answer why they need to close them as soon as they are discovered and publicly known.
Brian
Brian - March 19, 2013 at 8:20pm
You obviously have no security background. Google search Zero Day and that will answer why they need to close them as soon as they are discovered and publicly known.
p0werph0ne
p0werph0ne - March 19, 2013 at 6:59pm
Thanks a lot Downloading.......
JoshvanHulst
JoshvanHulst - March 19, 2013 at 6:40pm
I am so proud of the Evad3rs team finding these holes in firmware 6.0+
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
Where to Download macOS Sequoia
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.
DEALS