- iPhoneRoot.com - https://iphoneroot.com/RU -

Apple в iOS 6.1.3 исправила 4 уязвимости джейлбрейка Evasi0n

Posted By admin On March 20, 2013 @ 12:32 am In Все,Прошивка,Software,Unlock & Jailbreak | Comments Disabled

[1]

Apple признала заслуги команды хакеров evad3rs. В своем документе компания перечислила четыре уязвимости iOS, которые были исправлены в iOS 6.1.3 [2], причем evad3rs указаны в качестве нашедших эти ошибки. Напомним, что всего в отвязанном джейлбрейке используется шесть уязвимостей. MuscleNerd комментирует:

Apple отдает должное @evad3rs за 4 из 6 исправленных в 6.1.3 ошибок системы безопасности :) http://is.gd/nfspim [3]

dyld

Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed by refusing to load an executable with overlapping segments.
CVE-ID : CVE-2013-0977 : evad3rs

Kernel
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to determine the address of structures in the kernel
Description: An information disclosure issue existed in the ARM prefetch abort handler. This issue was addressed by panicking if the prefetch abort handler is not being called from an abort context.
CVE-ID : CVE-2013-0978 : evad3rs

Lockdown
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to change permissions on arbitrary files
Description: When restoring from backup, lockdownd changed permissions on certain files even if the path to the file included a symbolic link. This issue was addressed by not changing permissions on any file with a symlink in its path.
CVE-ID : CVE-2013-0979 : evad3rs

USB
Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code in the kernel
Description: The IOUSBDeviceFamily driver used pipe object pointers that came from userspace. This issue was addressed by performing additional validation of pipe object pointers.
CVE-ID : CVE-2013-0981 : evad3rs

Article printed from iPhoneRoot.com: https://iphoneroot.com/RU

URL to article: https://iphoneroot.com/RU/apple-fixed-in-ios-6-1-3-four-security-issues-used-in-evasi0n/

URLs in this post:

[1] Image: https://iphoneroot.com/wp-content/uploads/2013/03/evasi0n-icon-evad3rs-220x220.png

[2] были исправлены в iOS 6.1.3: https://iphoneroot.com/RU/apple-releases-ios-6-1-3-with-evasi0n-fix/

[3] http://is.gd/nfspim: http://is.gd/nfspim

Copyright © 2008-2015 iPhoneRoot.com. All rights reserved.