iOs 7.1 (teaser 001)

Following the release of the first major iOS 7.1 software update earlier today, Apple has now updated contents of the support document which outlines security updates for its products with a link to this newly created document describing iOS 7.1 security improvements.

In it, Apple credits prominent members of the jailbreak community such as evad3rs, the team behind the evasi0n jailbreak, as well as Google and others who reported issues and helped contribute toward the security changes within iOS 7.1…

Speaking of evad3rs, the team has been credited with contributing to four different changes in iOS 7.1.

One deals with a bug allowing a maliciously crafted backup to alter the iOS filesystem, the other details a crash reporting issue that could allow a local user to change permissions on arbitrary files and the remaining two concern a kernel issue that could allow arbitrary code execution in the kernel itself (the stuff of which jailbreaks are made) and a bug that could enable an attacker to bypass code signing requirements.

Screen Shot 2014-03-10 at 18.29.56

Apple also credits other members of the jailbreak community such as Springtomize 3 developer Filippo Bigarella and talented iOS hacker Stefan Esser.

Filippo was mentioned in regard to an exploit allowing a malicious app to cause an unexpected system termination and Stefan got thumbs up for turning Apple’s attention to a dangerous bug that enabled a man-in-the-middle attacker to entice a user into downloading a malicious app via Enterprise App Download.

This isn’t the first time Apple thanked prominent hackers for their discoveries. In 2012, for instance, the company credited the 2012 iOS Jailbreak Dream Team with finding a kernel exploit that got patched in iOS 5.1. Likewise, following the release of iOS 6.1.3 in March 2013, Apple in this security note credited the discovery of four of the six bugs fixed to evad3rs.

All in all, the document details two dozen security-related issues in iOS 7 and a total of 41 vulnerabilities that have been fixed or mitigated in iOS 7.1. In addition to prominent hackers, Google’s Chrome Security Team and ordinary users have contributed as well.

Of the whopping nineteen vulnerabilities discovered in Safari’s Webkit browser engine, nine were reported to Apple by Google’s Chrome Security Team. WebKit was previously used in Google’s Chrome web browser.

Signing off, have you ever wondered why Apple stubbornly refuses to publicly acknowledge dangerous security exploits in its software, over which it gets chastised a lot by less-informed media outlets?

“Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available,” states the document.

See, this is for your own protection.

As a friendly reminder, jailbreakers should absolutely stay away from iOS 7.1 unless they want to lose their jailbreak because once you upgrade to iOS 7.1, you won’t be able to downgrade again – even with SHSH blobs.

  • Tony Trenkle Jr.

    At first I thought this was a bad thing. Now I realize it’s not

  • Framboogle

    Kudos to Apple for giving credit where deserved.

  • John Merkowsky

    So they are giving credit to Evad3rs because they exploited these things and thus Apple was able to see them?

    • Liam Mulcahy

      Yeah

  • Thievery

    Now they should also credit all the devs from the JC that created all the features Apple stole and implemented in their OS.

    • Maxim∑

      please…

      • jacob wolin

        Multitasking in general, wallpapers in the background of the device, the app store, toggles, and thats just to name a few.

      • Maxim∑

        lol I’m done.

      • ThePirate

        Uhm copy paste and video recording were originally jailbreak only apps/tweaks. I could go on and on but why waste my time for a schmuck like you?

      • Maxim∑

        9/10

      • Marcus

        Notification Center was another big one

      • Chris

        If anything, they “stole” this from Android.

      • Sam Khan

        FYI android also stole tweaks from JB community. and jailbreak was around before the birth of android and apple’s app store

      • ✪ aidan harris ✪

        This wasn’t stolen it was effectively bought by hiring the developer that made the jailbreak notification centre tweak…

      • MeloIsOverrated

        Control center too…

      • Marcus

        Which tweak was that? SBSettings?

      • Chris

        That’s ridiculous. You really think the jailbreak community invented those things?

      • Jake1047s

        Many of the items on iOS 7 and previous iOS’s were from the jailbreak community. If you look at the tweaks they are very similar almost identical to what apple released, yes Android came out with many of these things first but that’s were the jailbreakers got many of their inspirations from. Most of the iOS things that have come out have come from Jailbreak not android. Same way android “stole” the phone from apple, they did take the idea of the iPhone and they turned in into their own things.

      • Glen Willer

        I have been JB my iPhone sine the very first JB. Before Android the answers to your question is YES

      • ThePirate

        Absolutely, and CrApple took many many tweaks etc and pawned them off as their own. All this is old news to anyone involved in the jailbreak scene.

      • SebestyenSzabo

        While the App Store (or something similar) was pioneered by the jailbreak community on iOS, I think it’s unlikely that Apple would have had “no plans” to bring apps to iOS, only to do just that some months later. The idea of a central place to download and install software from wasn’t new, and it was probably in the books all along for iOS.

      • Glen Willer

        Actually the App Store was around long before Apple and Google……Palm just saying.

      • ✪ aidan harris ✪

        Multitasking != Backgrounder

        Wallpapers on a home screen should be a standard essential patent (if it isn’t) i.e every smartphone should have the ability for it to display wallpapers for it to be commercially viable and as such companies should not be litigated just because they weren’t the first to show a background on their OS

        AppStore != Cydia

        Control Centre != SBSettings

      • Chris

        Honestly, I see where your coming from but it’s Apple! They premeditate everything they do so it stands to reason that they probably had their irons in the fire long before those ideas were even fleshed out in the jailbreak scene.

      • Lots of assumptions there…

      • Farbod

        Dude this isn’t code. Just write “isn’t” or “not equal to”. Most people have no idea what != is

      • ✪ aidan harris ✪

        I know I’m just lazy 😉

      • Yered Martinez

        I’ve been jailbroken since 1.1.4. Correct me if im wrong but, didn’t SBsettings came out before android added “quick switches”? or what ever they are called.

      • George Prah Awudi

        typical example is the new multi-tasking feature (apperance)

  • ap3604

    Apple should compensate hackers who find security exploits the way Google and Microsoft do.

    • Skoven

      Well… then jailbreaking might become a thing of the past 🙁

      • ap3604

        I mean they should pay these guys even if they come out with a jailbreak for alerting Apple to an iOS security risk.

      • SebestyenSzabo

        And therefore, it would completely change some people’s motivation to find exploits, and the community would change forever, and possibly even die.

  • on3simpleclick

    This is interesting. I would have never thought that the people who create jailbreaks would tip off Apple on any vulnerabilities, but when they are directly effecting the underlying security of the operating system, it’s nice to see them let Apple know what they are, so they can be patched. Nice work guys!

    • Bkfraiders7

      Thats…not how it worked. Apple just analyzed the Evasi0n jailbreak and saw the vulnerabilities it used and fixed them. I doubt any of the members privately announced the vulnerabilities so Apple would patch them.

      • Maxim∑

        Yes evad3rs first uses it for their own needs then Apple most likely downloads the tool and reverse engineers it and patches the exploits evad3rs might contact them to, not sure. So its not like a white hat who would report it privately first.

      • John

        I don’t know if I can 100% agree with you on this.

        I accept that Apple no doubt reverse engineer jailbreak tools, but doesn’t Apple hire jb community members? Some quite publicly and I’m sure some very privately.

  • Maxim∑

    They do this every year, nothing new

  • jack

    I really like the new update… things run smooth and zero crashes! Higher productivity thanks to faster animations and no delay. Lol @ jbkers 🙂

    • Abi Manyu

      lol, 7.0.6 is already smooth, besides, we jbkers can do wayyy more stuffs on our iphone than yours… give it few days and all those 7.1 cosmetics upgrade will leave you feeling empty…

      • Chun-Li aka ThunderThighs

        The difference from a 7.1 and a 7.0.6 jailbreak is that he won’t see any resprings

      • Abi Manyu

        there’s an app for that…

      • Arjan Vlek

        My ipad has already respringed once on ios 7.1. Low memory error from backboardd. Was browsing in Safari.

      • ConduciveMammal

        “Can do way more stuffs than yours”? This isn’t a children’s playground

      • Abi Manyu

        of course not, its a grown up playground

  • ARX8

    Sounds like apple making fun of them. The irony!

  • Blip dude

    Aww F*** and here I was ready to replace my iPhone 5 with the $49 replacement fee and Jailbreak it (The replacement would already have to be Unlocked), and make at least $450 out of it on eBay. Oh well, I guess now I’m stuck with making a lower amount.

    • Joonyaboy

      They don’t always update the already packaged phones. You could still get lucky

      • XboxOne

        They always update the iPhones before shipping them back to people.

  • FrankensteinBlack

    No thanks. I’ll keep the jailbreak! Ryan Petrich will knock out about half of these vulnerabilities without the need to loose the jailbreak. Just sayin…

    • MeloIsOverrated

      So true.

  • pauleebe

    Kudos to these guys, but unfortunately the rest of the article makes me cringe. That’s a lot of holes plugged, meaning less exploits for future jailbreaks.

  • h4nd0fg0d

    Eww, hot discussion.

  • Alejandro Hernandez

    i hope this fixes the blue screen of death on iphone 5S, i have almost 2 weeks without my iphone because of this bug

  • Sandy Cook

    So much silly here

    ‘maliciously’ ‘enable an attacker’ – Or somebody sick of being treated like a child by the device they own

    “Signing off, have you ever wondered why Apple stubbornly refuses to publicly acknowledge dangerous security exploits in its software, over which it gets chastised a lot by less-informed media outlets?

    “Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available,” states the document.

    See, this is for your own protection.”

    Refusing an vulnerability’s existence doesn’t stop it’s vulnerability or spread. The smart thing to do here is to act where you can, and inform wherelse so people can avoid making it accessible (if applicable)

    For our own protection is laughable

    • Joe Benning

      “See, this is for your own protection.”

      I’m pretty sure he was be facetious there…

      • Sandy Cook

        Possibly. His track record however is more along the lines of Apple never doing any wrong. Not to mention the ‘less-informed’ dig

  • Joe Benning

    Lets not confuse “credit” with “thanks”. It’s merely a “siting” and nothing more. Knowing Apple, probably due to some legal avoidance reason.

  • s0me

    LOL “The most advanced mobile OS” A wallpaper and some icons with 0 customization and limited settings control doesnt look advanced to me…

  • Palmer Paul

    You forgot to mention rg0rd! He’s a member of the jailbreaking community as well.