toggle

AAPL Stock: 111.78 ( -0.87 )

Printed from http://www.macnn.com

Apple thanks Evad3rs team for discovering now-closed flaws

updated 09:00 pm EDT, Mon March 10, 2014

Ironically patches loopholes that allowed Evasi0n jailbreak to work

In a backhanded compliment, the security notes accompanying today's release of iOS 7.1 thank the jailbreaking hacker team known as Evad3rs -- known for their jailbreaking software, Evasi0n -- for finding several security flaws, which iOS 7.1 patches. Ironically, these discoveries are also what made the Evasi0n jailbreaking software work, and thus iOS 7.1 "breaks" the software and un-jailbreaks any iOS devices using Evasi0n.

While jailbreaking is not illegal, Apple frowns on the practice for a variety of reasons. Jailbreaking software -- which simply allows an iOS device to run software from outside the official App Store, as well as allows customized system modifications ranging from new themes to experimental features -- relies on security flaws in iOS to inject new code containing the customizations. The same flaws could be exploited for malicious purposes, which is why Apple is understandably keen to patch them as quickly as possible after they become known.

A second reason is that jailbreaking also allows users to pirate iOS software, which hurts the developer community as well as Apple, and again opens up a channel for the spread of malware. Finally, jailbreaking code often introduces stability and speed penalties that diminish the overall experience and cause problems, sometimes resulting in issues so severe users must seek help from Apple technicians in order to fix the problems. The Evasi0n software has been popular with jailbreakers for its well-put-together installation packages and swift updates to take advantage of the latest versions of iOS 7.

According to the security release notes, Apple has added fixes in the 7.1 update to address flaws found by individual researchers, corporate security specialists, and even rivals like Google. The patches cover issues found in Backup, the Certificate Trust Policy, Configuration Profiles, CoreCapture, Crash Reporting, dyld, FaceTime, ImageIO, IOKit HID Event, the iTunes Store, the kernel, Office Viewer, Photos Backend, Profiles, Safari, Settings, SpringBoard, SpringBoard Lock Screen, the TelephonyUI Framework, USB Host, the video driver, and WebKit.




by MacNN Staff

toggle

Comments

  1. James Katt

    Junior Member

    Joined: 03-02-08

    Evad3rs is rightfully thanked for uncovering security flaws in iOS 7. Who else would find these flaws?

    By correcting these security flaws, Apple keeps iOS the most secure, virus-free, trojan-free, malware-free operating system in the world.

    This allows Apple's customers to buy apps freely and safely, encouraging mass purchases of apps. Developers everywhere benefit from the safe ecosystem that Apple has created.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lackin ...

toggle

Most Commented