14 DAY TRIAL // iOS 6.1.3 is now out and into the hands of iDevice owners worldwide. Apple has informed customers that the new software update patches one widely-reported bug, and delivers some improvements to Maps in Japan. But that’s only half the story.
Published hours after the official iOS 6.1.3 release, a support document on Apple’s web site reveals that the new update corrects a number of security flaws, among which the passcode lock vulnerability is described.
“A person with physical access to the device may be able to bypass the screen lock,” reads the description.
“A logic issue existed in the handling of emergency calls from the lock screen. This issue was addressed through improved lock state management,” Apple states.
Another vulnerability would enable a local user to change permissions on arbitrary files.
Regarding this particular bug, Apple reveals that “When restoring from backup, lockdownd changed permissions on certain files even if the path to the file included a symbolic link.”
The company addressed the problem “by not changing permissions on any file with a symlink in its path.”
A Kernel flaw is also mentioned. Triggered by an information disclosure issue in the ARM prefetch abort handler, the bug would allow a local user to determine the address of structures in the kernel.
“This issue was addressed by panicking if the prefetch abort handler is not being called from an abort context,” according to the security advisory published by Apple.
A less complicated WebKit flaw is also disclosed. Apparently an invalid cast existed in the handling of SVG files, leading to an unexpected application termination or arbitrary code execution, by visiting a maliciously crafted website.
“This issue was addressed through improved type checking,” Apple says.
iOS 6.1.3 is available for all iOS devices starting with iPhone 3GS.