Apple ringrazia gli Evad3rs e altri hacker per le vulnerabilità corrette in iOS 7.1

783
0
CONDIVIDI

Riconoscimenti e ringraziamenti a molti hacker in tutto il mondo, in particolare ad Evad3rs, con la nuova versione di iOS 7.1, che proprio grazie alle peripezie di essi Apple ha potuto migliorare l’OS e le varie funzionalità in particolare.

Un punzecchiamento che si nota attraverso changelog di iOS 7.1, che vi mostriamo qui sotto:

  • Backup

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted backup can alter the filesystem
Description: A symbolic link in a backup would be restored, allowing subsequent operations during the restore to write to the rest of the filesystem. This issue was addressed by checking for symbolic links during the restore process.
CVE-2013-5133 : evad3rs

  • Crash Reporting

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to change permissions on arbitrary files
Description: CrashHouseKeeping followed symbolic links while changing permissions on files. This issue was addressed by not following symbolic links when changing permissions on files.
CVE-2014-1272 : evad3rs

  • dyld

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Code signing requirements may be bypassed
Description: Text relocation instructions in dynamic libraries may be loaded by dyld without code signature validation. This issue was addressed by ignoring text relocation instructions.
CVE-2014-1273 : evad3rs

  • Kernel

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel
Description: An out of bounds memory access issue existed in the ARM ptmx_get_ioctl function. This issue was addressed through improved bounds checking.
CVE-2014-1278 : evad3rs

Qui sotto, invece, vi riportiamo i ringraziamenti di Apple ad altri due personaggi ben noti nel panorama jailbreak, ovvero Stefan Esser e Filippo Bigarella:

  • CoreCapture

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application can cause an unexpected system termination
Description: A reachable assertion issue existed in CoreCapture’s handling of IOKit API calls. The issue was addressed through additional validation of input from IOKit.
CVE-2014-1271 : Filippo Bigarella

  • iTunes Store

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A man-in-the-middle attacker may entice a user into downloading a malicious app via Enterprise App Download
Description: An attacker with a privileged network position could spoof network communications to entice a user into downloading a malicious app. This issue was mitigated by using SSL and prompting the user during URL redirects.
CVE-2014-1277 : Stefan Esser

Un particolare atteggiamento quello di Apple, già utilizzato in passato, il quale sfuma dal semplice riconoscimento alla voglia di sfida, che gli stessi hacker hanno nei confronti dell’OS di iPhone, iPad e iPod, prendendosi anche un po’ gioco di loro.

RIPRODUZIONE RISERVATA © Copyright OVERPRESS