Following the release of the first major iOS 7.1 software update earlier today, Apple has now updated contents of the support document which outlines security updates for its products with a link to this newly created document describing iOS 7.1 security improvements.
In it, Apple credits prominent members of the jailbreak community such as evad3rs, the team behind the evasi0n jailbreak, as well as Google and others who reported issues and helped contribute toward the security changes within iOS 7.1…
Speaking of evad3rs, the team has been credited with contributing to four different changes in iOS 7.1.
One deals with a bug allowing a maliciously crafted backup to alter the iOS filesystem, the other details a crash reporting issue that could allow a local user to change permissions on arbitrary files and the remaining two concern a kernel issue that could allow arbitrary code execution in the kernel itself (the stuff of which jailbreaks are made) and a bug that could enable an attacker to bypass code signing requirements.
Filippo was mentioned in regard to an exploit allowing a malicious app to cause an unexpected system termination and Stefan got thumbs up for turning Apple’s attention to a dangerous bug that enabled a man-in-the-middle attacker to entice a user into downloading a malicious app via Enterprise App Download.
This isn’t the first time Apple thanked prominent hackers for their discoveries. In 2012, for instance, the company credited the 2012 iOS Jailbreak Dream Team with finding a kernel exploit that got patched in iOS 5.1. Likewise, following the release of iOS 6.1.3 in March 2013, Apple in this security note credited the discovery of four of the six bugs fixed to evad3rs.
All in all, the document details two dozen security-related issues in iOS 7 and a total of 41 vulnerabilities that have been fixed or mitigated in iOS 7.1. In addition to prominent hackers, Google’s Chrome Security Team and ordinary users have contributed as well.
Of the whopping nineteen vulnerabilities discovered in Safari’s Webkit browser engine, nine were reported to Apple by Google’s Chrome Security Team. WebKit was previously used in Google’s Chrome web browser.
Signing off, have you ever wondered why Apple stubbornly refuses to publicly acknowledge dangerous security exploits in its software, over which it gets chastised a lot by less-informed media outlets?
“Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available,” states the document.
See, this is for your own protection.
As a friendly reminder, jailbreakers should absolutely stay away from iOS 7.1 unless they want to lose their jailbreak because once you upgrade to iOS 7.1, you won’t be able to downgrade again – even with SHSH blobs.