Apple iOS 6.1.3 Fixes Evasion Jailbreak Bug, WebKit Flaw

Apple has patched a handful of security vulnerabilities in iOS, including a bug that was used for the latest iPhone jailbreak tool, called Evasion. Apple iOS 6.1.3 has patches for six vulnerabilities, including the screen lock bypass bug and a flaw in WebKit that can be used to execute arbitrary code.

Apple has patched a handful of security vulnerabilities in iOS, including a bug that was used for the latest iPhone jailbreak tool, called Evasion. Apple iOS 6.1.3 has patches for six vulnerabilities, including the screen lock bypass bug and a flaw in WebKit that can be used to execute arbitrary code.

The release of iOS 6.1.3 constitutes a major security update for iPhone, iPod and iPad users and it’s one that most users should install as soon as they can. However, for those iPhone owners who have jailbroken their devices already, installing the update will undo that process and prevent users from rolling back to the older, jailbroken state.

Perhaps the most serious vulnerability repaired in iOS 6.1.3 is the WebKit flaw, which can be used for remote code execution.

“Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. An invalid cast issue existed in the handling of SVG files. This issue was addressed through improved type checking,” Apple said in its advisory.

In addition to that fix, Apple also included a patch for a known vulnerability in iOS that enables a user to bypass the PIN code lock to gain access to the device.

“A logic issue existed in the handling of emergency calls from the lock screen. This issue was addressed through improved lock state management,” Apple said.

 

Suggested articles