Apple ha acreditado oficialmente a el grupo de hackers Evad3rs con 4 de las 6 vulnerabilidades corregidas en el nuevo iOS 6.1.3. Recordemos que el grupo Evad3rs fue el encargado de lanzar el tan esperado Jailbreak del iOS 6. El grupo esta conformado por: planetbeing, Pimskeks, pod2g y MuscleNerd.
Estas son las vulnerabilidades acreditadas a dicho grupo:
dyld Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to execute unsigned code Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed by refusing to load an executable with overlapping segments. CVE-ID : CVE-2013-0977 : evad3rs Kernel Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to determine the address of structures in the kernel Description: An information disclosure issue existed in the ARM prefetch abort handler. This issue was addressed by panicking if the prefetch abort handler is not being called from an abort context. CVE-ID : CVE-2013-0978 : evad3rs Lockdown Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to change permissions on arbitrary files Description: When restoring from backup, lockdownd changed permissions on certain files even if the path to the file included a symbolic link. This issue was addressed by not changing permissions on any file with a symlink in its path. CVE-ID : CVE-2013-0979 : evad3rs USB Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code in the kernel Description: The IOUSBDeviceFamily driver used pipe object pointers that came from userspace. This issue was addressed by performing additional validation of pipe object pointers. CVE-ID : CVE-2013-0981 : evad3rs Pueden acceder a la nota original aqui:
APPLE-SA-2013-03-19-1 iOS 6.1.3
Si te gusto este articulo y quieres saber mas, sígueme en Twitter y Facebook:
