Apple locks down jailbreaking, patches lockscreen bypass bug

iPhone users have been having a field day with the Evasi0n jailbreaking tool, which allows them to break out of Apple’s walled garden to customize the look and feel of the interface as well as run unauthorized apps available in rogue app stores like Cydia. In the six weeks since Evasi0n was released, about 18 million devices have already been jailbroken, according to Jay Freeman, the administrator for Cydia. He told Forbes that he’s counted 18.2 million unique iOS 6 devices that have visited Cydia, including 13.8 million iPhones, 3.4 million iPads and 1.1 million iPod touches.

Apple’s iOS 6.1.3 update puts the prisoners back in their cells, however. It fixes a bug in the time zone settings that is the linchpin for dismantling Apple’s device control with Evasi0n, and will return any jailbroken device to Apple-approved settings.

The jailbreaking prevention may be the marquee story here, but in all, Apple iOS 6.1.3 patches six vulnerabilities, the most severe of which is a flaw in WebKit that can be used to execute arbitrary code. “Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution,” the Cupertino Kahuna said in its security advisory. “An invalid cast issue existed in the handling of SVG files. This issue was addressed through improved type checking.”

Also of note, Apple patched a screen lock bypass bug that allows anyone with physical access to an iPhone 5 to bypass the PIN lock defense to gain access to the phone and place calls, listen to voice mails and view photos in the contacts section. That flaw – although difficult to exploit and very difficult to use for real harm – made global headlines when it was revealed in February.

"A logic issue existed in the handling of emergency calls from the lock screen. This issue was addressed through improved lock state management," Apple said.
