iPhoneRoot.com
Apple в iOS 6.1.3 исправила 4 уязвимости джейлбрейка Evasi0n
Apple признала заслуги команды хакеров evad3rs. В своем документе компания перечислила четыре уязвимости iOS, которые были исправлены в iOS 6.1.3, причем evad3rs указаны в качестве нашедших эти ошибки. Напомним, что всего в отвязанном джейлбрейке используется шесть уязвимостей. MuscleNerd комментирует:
Apple отдает должное @evad3rs за 4 из 6 исправленных в 6.1.3 ошибок системы безопасности
dyld
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed by refusing to load an executable with overlapping segments.
CVE-ID : CVE-2013-0977 : evad3rs
Kernel
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to determine the address of structures in the kernel
Description: An information disclosure issue existed in the ARM prefetch abort handler. This issue was addressed by panicking if the prefetch abort handler is not being called from an abort context.
CVE-ID : CVE-2013-0978 : evad3rs
Lockdown
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to change permissions on arbitrary files
Description: When restoring from backup, lockdownd changed permissions on certain files even if the path to the file included a symbolic link. This issue was addressed by not changing permissions on any file with a symlink in its path.
CVE-ID : CVE-2013-0979 : evad3rs
USB
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code in the kernel
Description: The IOUSBDeviceFamily driver used pipe object pointers that came from userspace. This issue was addressed by performing additional validation of pipe object pointers.
CVE-ID : CVE-2013-0981 : evad3rs
Читайте нас в :
Оставить комментарий