Apple Credits Evad3rs for Security Changes

Earlier today, Apple released iOS 7.1, their first major release since iOS 7 in September last year.  Since then an update to the support document [ext link] has been released, detailing updates to security for iOS products. This new document [ext link] covers security improvements in iOS 7.1 download .

In the document, Apple makes a point of giving credit to jailbreak developers, in particular members of Evad3rs, as well as others who reported on and helped to make changes to the security of iOS 7.1.

Image:  Members of Evad3rs

evaders evad3rs

Evad3rs are given the credit for their contribution towards no less than 4 different security changes in iOS 7.1.  One of those changes is related to a malicious backup that can alter the file system, another is related to crash reporting where a local user can change file permissions. The final 2 are related to a kernel issue that allows code execution in the kernel, which is the basis of any good jailbreak, and a code that enables the bypass of code signing.

Apple is generous in its accreditation this time around. They have also singled out Filippo Bigarella, the developer responsible for the Springtomize tweaks and also Stefan Esser.  Bigarella gets a mention for bringing attention to an exploit that allows malicious apps to terminate the system while Esser’s pat on the back is related to highlighting the man-in-the-middle issue that resulted in iOS 7.0.6 being released.

Image:  iOS 7.1 Software Update Credits [ source ]


This certainly isn’t the first time that Apple has given thanks to jailbreak developers. Back in 2012, the Jailbreak Dream Team located a kernel exploit that Apple patched in iOS 5.1, followed up with credit given to the team.  iOS 6.1.3 was followed with credit to Evad3rs for finding 4 out of the 6 bugs that the Cupertino Company patched.

The Support documents for iOS 7.1 carry details of more than 20 different security issues in iOS 7 and more than 40 vulnerabilities that have either been fixed completely or at least made a little less serious in iOS 7.1.

Google Chrome’s Security team were mentioned as being responsible for finding 9 of the 14 vulnerabilities in the Safari WebKit browser engine.

If you wish to preserve your jailbreak or are intending to jailbreak in the future, stay away from iOS 7.1 as it has effectively closed all the doors on Evasi0n 7.  If you are intending to update to the new firmware, you can follow our guide on how to do so here.