Apple ringrazia il team di Evad3rs

by on in APPLE, IOS 7, JAILBREAK, News, Uncategorized

Di tutto ciò che ha accompagnato il rilascio di iOs 7.1, da segnalare vi è anche il ringraziamento pubblicamente di Apple al team di Evad3rs, il team che ha creato il jailbreak di iOS 7 e anche di altre versioni.

 

Come già è successo in passato, l’azienda californiana ha deciso di ringraziare pubblicamente il team di hacker per la segnalazione di alcune vulnerabilità, che successivamente sono state corrette con il rilascio della versione 7.1 del sistema operativo mobile della Mela.

Di seguito, vi riporto solo alcune parti in cui viene ringraziato il team di Evad3rs:

● Backup
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted backup can alter the filesystem
Description: A symbolic link in a backup would be restored, allowing subsequent operations during the restore to write to the rest of the filesystem. This issue was addressed by checking for symbolic links during the restore process.
CVE-2013-5133 : evad3rs

● Crash Reporting
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to change permissions on arbitrary files
Description: CrashHouseKeeping followed symbolic links while changing permissions on files. This issue was addressed by not following symbolic links when changing permissions on files.
CVE-2014-1272 : evad3rs

● dyld
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Code signing requirements may be bypassed
Description: Text relocation instructions in dynamic libraries may be loaded by dyld without code signature validation. This issue was addressed by ignoring text relocation instructions.
CVE-2014-1273 : evad3rs

● Kernel
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel
Description: An out of bounds memory access issue existed in the ARM ptmx_get_ioctl function. This issue was addressed through improved bounds checking.
CVE-2014-1278 : evad3rs