Hackers likely to focus their efforts on the upcoming iOS 8 release

Mar 11, 2014 10:25 GMT

Apple officially killed off all known jailbreaks with the release of iOS 7.1 yesterday, and it even went to the trouble of crediting the hackers for a total of four different vulnerabilities that were used to compromise the software.

Affecting iPhone 4 and later, iPod touch (5th-generation) and later, and iPad 2 and later, a Backup bug would allow a hacker to “alter the filesystem” by using a maliciously crafted backup image.

Apple’s description reveals that “A symbolic link in a backup would be restored, allowing subsequent operations during the restore to write to the rest of the filesystem. This issue was addressed by checking for symbolic links during the restore process.”

Another flaw discovered by the infamous evad3rs deals with Crash Reporting. Affecting the same devices enumerated earlier, this bug would allow a local user to change permissions on arbitrary files.

“CrashHouseKeeping followed symbolic links while changing permissions on files. This issue was addressed by not following symbolic links when changing permissions on files,” Apple explains.
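The fix quoted above, not following symbolic links when changing permissions, sketched in C as an added example (not Apple's code and not part of the original article). The names `chmod_nofollow` and `victim_mode_after` are hypothetical, the file layout is constructed, and a plain `chmod()`, which follows links, stands in for the pre-fix behaviour.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* mkdtemp and O_NOFOLLOW on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: chmod that refuses a symlink as the final path component.
 * Intermediate directories are still resolved normally; a privileged daemon
 * would also open the parent directory and use openat() relative to it. */
int chmod_nofollow(const char *path, mode_t mode)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;                       /* ELOOP when path is a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;                  /* only regular files are expected */
        return -1;
    }
    int rc = fchmod(fd, mode);           /* acts on the opened inode, not the name */
    close(fd);
    return rc;
}

/* Constructed scenario: <tmp>/victim is a 0600 file and <tmp>/log is a symlink to
 * it, planted where a log file is expected. Returns victim's mode bits afterwards. */
int victim_mode_after(int hardened)
{
    char dir[] = "/tmp/symchmodXXXXXX", victim[64], link_path[64];
    struct stat st;
    if (!mkdtemp(dir))
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link_path, sizeof link_path, "%s/log", dir);
    int fd = open(victim, O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || fchmod(fd, 0600) != 0 || close(fd) != 0 || symlink(victim, link_path) != 0)
        return -1;
    if (hardened)
        chmod_nofollow(link_path, 0666); /* rejected: final component is a symlink */
    else
        chmod(link_path, 0666);          /* follows the link and changes victim */
    int mode = stat(victim, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
    unlink(link_path); unlink(victim); rmdir(dir);
    return mode;
}
```

The same open-then-operate-on-the-descriptor pattern applies to the Backup issue: a restore routine that checks each entry for symbolic links before writing keeps later writes inside the restore directory.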

A flaw in dyld is mentioned as affecting the same device generations. Allowing for code signing requirements to be bypassed, the issue is described as follows in Apple’s security advisory:

“Text relocation instructions in dynamic libraries may be loaded by dyld without code signature validation. This issue was addressed by ignoring text relocation instructions.”

Last but certainly not least, a Kernel hole used by the evad3rs to jailbreak iOS 7 (and all subsequent releases up until iOS 7.1) is mentioned.

“An out of bounds memory access issue existed in the ARM ptmx_get_ioctl function,” allowing a local user to “cause an unexpected system termination or arbitrary code execution in the kernel.” The iPhone maker patched the bug through improved bounds checking, as usual.

Apple’s advisory “About the security content of iOS 7.1” (located at http://support.apple.com/kb/HT6162) strangely outlines over two dozen new flaws discovered since the last patch was deployed three weeks ago.

The Cupertino mammoth credits corporate security specialists, including Google engineers, as well as individual researchers and enthusiasts.

Other affected areas in the system included Certificate Trust Policy, Configuration Profiles, CoreCapture, FaceTime, ImageIO, IOKit HID Event, iTunes Store, Office Viewer, Photos Backend, Profiles, Safari, Settings, SpringBoard, SpringBoard Lock Screen, TelephonyUI Framework, USB Host, WebKit, and video drivers.
