iphonote.com_ apple-evad3rs-ios-7-1

Apple a publiquement remercié l’équipe Evad3rs, auteur du jailbreak de l’iOS 7.x avec Evasi0n7, et d’autres jailbreak auparavant, pour avoir rapporté quelques vulnérabilités dans iOS 7.1. 

Voici les parties du changelog de ​​l’iOS 7.1 où est mentionné Evad3rs:

● Backup
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted backup can alter the filesystem
Description: A symbolic link in a backup would be restored, allowing subsequent operations during the restore to write to the rest of the filesystem. This issue was addressed by checking for symbolic links during the restore process.
CVE-2013-5133 : evad3rs

● Crash Reporting
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to change permissions on arbitrary files
Description: CrashHouseKeeping followed symbolic links while changing permissions on files. This issue was addressed by not following symbolic links when changing permissions on files.
CVE-2014-1272 : evad3rs

● dyld
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Code signing requirements may be bypassed
Description: Text relocation instructions in dynamic libraries may be loaded by dyld without code signature validation. This issue was addressed by ignoring text relocation instructions.
CVE-2014-1273 : evad3rs

● Kernel
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel
Description: An out of bounds memory access issue existed in the ARM ptmx_get_ioctl function. This issue was addressed through improved bounds checking.
CVE-2014-1278 : evad3rs

Stefan Esser et Filippo Bigarella ont également été remercié par Apple pour leur découverte. A savoir que ces deux hommes sont des membres actifs du Jailbreak grâce à leurs tweaks Cydia:

● CoreCapture
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application can cause an unexpected system termination
Description: A reachable assertion issue existed in CoreCapture’s handling of IOKit API calls. The issue was addressed through additional validation of input from IOKit.
CVE-2014-1271 : Filippo Bigarella

● iTunes Store
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A man-in-the-middle attacker may entice a user into downloading a malicious app via Enterprise App Download
Description: An attacker with a privileged network position could spoof network communications to entice a user into downloading a malicious app. This issue was mitigated by using SSL and prompting the user during URL redirects.
CVE-2014-1277 : Stefan Esser

Suivez-nous depuis notre application et sur Twitter : @iPhonote – Facebook : BlogiPhonote

Partager un commentaire