Apple nell'ultimo aggiornamento di iOS ha corretto le falle usate da Evasi0n per fare il Jailbreak.
Apple, nonostante abbia chiuso solo 4 delle 6 falle, ringrazia gli hacker per avergliele segnalate. Ecco l'estratto:
CVE-2013-0977dyld
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of
Mach-O executable files with overlapping segments. This issue was
addressed by refusing to load an executable with overlapping
segments.
CVE-2013-0978
Kernel
Impact: A local user may be able to determine the address of
structures in the kernel
Description: An information disclosure issue existed in the ARM
prefetch abort handler. This issue was addressed by panicking if the
prefetch abort handler is not being called from an abort context.
CVE-2013-0979
Lockdown
Impact: A local user may be able to change permissions on arbitrary
files
Description: When restoring from backup, lockdownd changed
permissions on certain files even if the path to the file included a
symbolic link. This issue was addressed by not changing permissions
on any file with a symlink in its path.
CVE-2013-0981
USB
Impact: A local user may be able to execute arbitrary code in the
kernel
Description: The IOUSBDeviceFamily driver used pipe object pointers
that came from userspace. This issue was addressed by performing
additional validation of pipe object pointers.
[fonte]
Nessun commento :
Posta un commento
Nota. Solo i membri di questo blog possono postare un commento.