Evad3rs has been accredited with helping in making four changes to the iOS 7.1.
The first change deals with a bug that may be change the iOS file system using a maliciously made backup. The second is about a crash reporting issue that deals with change permissions on arbitrary files. The third and fourth change, both deal with kernel related issues which lead to arbitrary code execution. Due to this bug, an attacker may be able to bypass the code signing requirements.
Other prominent mentions also include Filippo Bigarella, developer for Springtomize3 and Stefan Esser, an iOS hacker.
Bigarella was able to point out an unexpected system termination arising due to the action of a malicious app. Stefan pointed out a man-in-the-middle attack through a bug which could lead the user to download a malicious app.
Apple has been previously known to laud the efforts of hackers to strengthen its security system. Back in 2012, the iOS Jailbreak Dream Team was acknowledged for their discovery about a kernel based exploit, which led to the patch in iOS 5.1. Likewise, four changes in the iOS 6.1.3 were accredited to evad3rs, as the time was able to point out 4 of the 6 bugs in the iOS.
Coming back to the support document, it enlists 41 threat prone areas that have been rectified in the iOS 7.1. Also worthy to note is that in addition to the ‘usual’ prominent hackers, the Google’s Chrome Security Team has also contributed.
The Chrome Security Team was able to point out 9 out of 19 points of threat in the Safari’s Webkit browser engine.
The document at the end also states that Apple doesn’t let the general public know about the security exploits until the necessary patches are available. This statement answers the skepticism that Apple has to face at the hands of less informed media outlets.
