iOS 7.1 security changes credited to evad3rs and other jailbreak community members

Following anticipation, Apple released its first major iOS 7.1 software update. In addition to the update, a support document detailing on the security changes has also been released. An important portion of the document is the detail of the security improvements in iOS 7.1.

Among the stakeholders that have been acknowledged by Apple, prominent ones include members from the jailbreak community (evad3rs), the team responsible for evasi0n jailbreak, Google and other related personnel who reported issues and helped in addressing security concerns.

Evad3rs has been accredited with helping in making four changes to the iOS 7.1.

The first change deals with a bug that may be change the iOS file system using a maliciously made backup. The second is about a crash reporting issue that deals with change permissions on arbitrary files. The third and fourth change, both deal with kernel related issues which lead to arbitrary code execution. Due to this bug, an attacker may be able to bypass the code signing requirements.

Other prominent mentions also include Filippo Bigarella, developer for Springtomize3 and Stefan Esser, an iOS hacker.

Bigarella was able to point out an unexpected system termination arising due to the action of a malicious app. Stefan pointed out a man-in-the-middle attack through a bug which could lead the user to download a malicious app.

Apple has been previously known to laud the efforts of hackers to strengthen its security system. Back in 2012, the iOS Jailbreak Dream Team was acknowledged for their discovery about a kernel based exploit, which led to the patch in iOS 5.1. Likewise, four changes in the iOS 6.1.3 were accredited to evad3rs, as the time was able to point out 4 of the 6 bugs in the iOS.

Coming back to the support document, it enlists 41 threat prone areas that have been rectified in the iOS 7.1. Also worthy to note is that in addition to the ‘usual’ prominent hackers, the Google’s Chrome Security Team has also contributed.

The Chrome Security Team was able to point out 9 out of 19 points of threat in the Safari’s Webkit browser engine.

The document at the end also states that Apple doesn’t let the general public know about the security exploits until the necessary patches are available. This statement answers the skepticism that Apple has to face at the hands of less informed media outlets.


blog comments powered by Disqus
Octofinder Blog Catalog