evasi0n Jailbreak Won’t Work on iOS 6.1.3 [Updated]

evasi0n-icon

We’ve some bad news for jailbreakers. David Wang aka planetbeing has revealed that iOS 6.1.3 beta 2 that was seeded to developers last week, fixes a vulnerability that was used by evad3rs dev team for the evasi0n jailbreak.

This means that evasi0n jailbreak won’t work on iOS devices running iOS 6.1.3.

Forbes’ Andy Greenberg who spoke to planetbeing reports:

Wang tells me that he’s analyzed the 6.1.3 beta 2 update and found that it patches at least one of the five bugs the jailbreak exploits, namely a flaw in the operating system’s time zone settings. The beta update likely signals the end of using evasi0n to hack new or updated devices after the update is released to users, says Wang, who says he’s still testing the patch to see which other vulnerabilities exploited by the jailbreak might no longer exist in the new operating system.

“If one of the vulnerabilities doesn’t work, evasi0n doesn’t work,” he says. “We could replace that part with a different vulnerability, but [Apple] will probably fix most if not all of the bugs we’ve used when 6.1.3 comes out.”

Since evasi0n didn’t use a userland exploit like JailbreakMe, I assumed that Apple wouldn’t fix the vulnerabilities used by evad3rs dev team until iOS 7. However, it looks like the popularity of the evasi0n jailbreak, which has already been used to jailbreak more than seven million devices in just four days and concerns raised by security researchers may have forced Apple to fix the vulnerabilities.

Security researchers have nonetheless pointed out that Evasi0n could give criminals or spies some nasty ideas. The tool uses five distinct bugs in iOS, all of which might be appropriated and combined with other techniques for malicious ends. And F-Secure researcher Mikko Hypponen points out that if a hacker used a Mac or Windows exploit to compromise a user’s PC, he or she could simply wait for the target to plug in an iPhone or iPad and use evasi0n to take over that device as well.

More likely, perhaps, is a scenario described by German iPhone security researcher Stefan Esser. He argues that a hacker could use a secret exploit to gain access to an iPhone or iPad and then install evasi0n, using the jailbreaking tool to hide his or her tracks and keep the secret exploit technique undiscovered by Apple and unpatched. “That way they protect their investment and leave no exploit code that could be analyzed for origin,” Esser wrote on Twitter.

It remains to be seen how many vulnerabilities will be fixed by the time iOS 6.1.3 is released to the public. It goes without saying that jailbreakers should avoid upgrading to iOS 6.1.3 when it is released and probably a good time to jailbreak your iOS device if you haven’t done so already (You can find the links to our step-by-step jailbreak tutorials here).

iOS 6.1.3 includes major improvements for Maps app for Japan and a fix for the passcode security flaw, so I’m assuming the temptation to update to iOS 6.1.3 won’t be too high.

But let’s hope that the evad3rs can work their magic and figure out a way to jailbreak iOS 6.1.3.

Update:

Some more bad news, security researcher Stefan Esser has just tweeted that in addition to the timezone vulnerability, Apple has fixed another vulnerability that was used for evasi0n jailbreak:

Via: Forbes

Like this post? Share it!

  • Soneco

    i thought they had some exploits stock piled incase something like this happened…lets wait and see

    • http://profiles.google.com/sebastian.rasch Sebastian Rasch

      They need a certain combination of exploits. They might have several of the same type but I don’t know if they have enough of the ones they need to jailbreak. But yes, let’s hope and see!

    • blu

      They said they did, but it is a matter of figuring out what to replace it with, and if one exploit was fixed, did they fix all of them?

  • avso

    dosent apple see what they are doing is helping android and samsung

    • http://profiles.google.com/sebastian.rasch Sebastian Rasch

      Well not really, a secure OS is generally not a bad thing. ;)
      They should however allow something like “Experimental” apps, that sort that they don’t support and you’d maybe lose your warranty if you use them, but at least they’d be available in the app store – at one’s own risk. That’d be real progress.

      • Draino

        It’s a question of choice! If you want your os completely secure etc then don’t jailbreak. However what if you wanted to take the risk ? They don’t give u a choice. It’s like the govt not allowing you to eat a bigmac cause its bad for you. Jelly bean here I come

        • http://profiles.google.com/sebastian.rasch Sebastian Rasch

          Wrong, that’s exactly the point. If Apple don’t plug the holes, the OS is NOT secure! No matter if you jailbreak or not.

  • http://profiles.google.com/sebastian.rasch Sebastian Rasch

    That’s bad news indeed, who knows if they’ll be able to hack iOS again soon – might take a while if at all possible.

  • blu

    The “security researchers” opinion has a flaw. In order for evasi0n to work, the end user must tap on the screen to complete the jailbreak. Now sure they may be able to do some stuff with some of the exploits, but not jailbreak without the users knowledge. Yes some people might just click on their screen because it says too, but you just can’t fix stupid.

    • Steroc

      What’s to stop them disguising the screen to make it look and act like the swipe to unlock screen or a fake safemode screen with click to restart button, that way people would leave the phone to download the jailbreak without being touched believing it to be restarting.

      • blu

        good point, I did not think about them re-writing evasi0n to look different. That could be a problem then (a small one, but still possible)

  • Bob

    So is there any app that will remedy the passcode security flaw (thus making it unnecessary to upgrade)? I know you can lock specific apps, but what about something to replace the main passcode entirely (so that someone couldn’t even get past the lock screen anyhow)?

    • blu

      Seems I read that the easy fix is to disable simple passcode in the Passcode Lock section. A complex passcode can’t be bypassed.
      Would be nice if someone came up with a cydia app that fixed it.

      • HammerZ

        Not really. Shouldn’t an app disableEmergency from Cydia do the trick? Yeah, it will disable the ability to call 911 in case of an emergency, but I cannot imagine why anyone cannot just unlock their phone to make that call.

  • untzuntz

    I guess ill update to 6.1.2 then. Who knows if they’ll release a 6.1.3 JB. my feeling is they’ll wait to burn another exploit on a more meaningful version.

  • http://rounak.me/ Rounak Jain

    :(

  • http://twitter.com/cambre0 Cambre

    If I upgrade to 6.1.3, will I be able to downgrade back to 6.1.2 if I have my blobs saved?

    • http://rounak.me/ Rounak Jain

      depends on which phone you have

    • http://www.iphonehacks.com iPhoneHacks

      No, there is no way to do it currently.

  • Damani Brown

    They thought it would last until IOS 7. Well they were idiots to think that. They fix it in the next update all the time. And when you have the folks over at iDownloadBlog posting EXACTLY how the jailbreak was done you can’t expect it to last long. Expect big Tim Cook to wipe out all the bugs. Next time, don’t mention you have more bugs, and make sure other retards don’t blog about how the jailbreak was done.

    • AT&T Rapes Me

      Ya apple don’t have anybody to Reverse engineer the software do they… Ya ur Idiot…

      • Damani Brown

        To reverse engineer in less than a week after the article. Ya right. You’re an idiot if you think they reverse engineered and re-wrote the IOS firmware with the patch in a week without aid from the article. You’re an idiot. You can’t even use the correct “You’re”. You’re dumb as a sack of rocks.

        • bcsc

          Really buddy? You need to relax a touch. Before you go ragging on people about how abbreviate words, you should be sure to type the subject topic correctly! iOS with an i.

          • Damani Brown

            It doesn’t matter how you put IOS. Apple just uses a lowercase “i”. However it’s an abbreviated word. It “should” be I.O.S (iPhone Operating System) but that just looks silly. So it looks like your dumb a** just corrected something that needed no correction. You’re even dumber than the other guy because you actually tried.

          • bcsc

            Again you are quite wrong. iOS is an acronym, not an abreviated word. Also seeing how Apple have named it iOS, with a small I the proper way to spell it would be ‘iOS’. dont you think so DamAni broWn? or is it Damani, as we’re randomly capitalizing letters in a proper name. If you find a single spelling of iOS with a capital I anywhere in this article, including quotes, and the Twitter capture in this article, I will drop this argument. You wont, because everyone here that knows what they are talking about, spells it correctly. In fact, I challenge you to simple Google “IOS”, and find even one iteration of it that uses a capital I. Good luck on that.

          • bcsc

            While you’re at it, try to find the missing b.

          • Damani Brown

            You can’t spell either… thanks for proving my point. Complete moron. OWNED.

          • WLyerMan

            Standard immature troll technique; over-the-top and unnecessary slam of internet slang (DB doesn’t get it) followed by ultra defensive lash out when his own flaws are pointed out, ended with “I can do something I can’t prove and is unrelated to anything” remark. Way to contribute to the world DB. We are impressed. Now go back to your WoW.

          • bcsc

            Solid way to deflect from being wrong about iOS. Mad props for being more developed than my 2 yerar old. He’s still stuck on ‘I know you are’. You’re lightyears ahead of him.

          • Guest

            I believe you’re mad because you make $8 an hour? LOLOLOLOLOLOLOLOL and kid can’t even spell “YEAR” get owned once again. I’m better than you in every way possible. I must admit it was a nice attempt to act tough on the internet, but you’ve just been raped… next.

            …. IS THERE NO ONE ELSE!
            IS THERE NO ONE ELSE!!!! “Troy voice”

          • WLyerMan

            Oh I almost forgot. The immature troll also has to have the last word. Just wait for it…….

          • Guest

            I got the last word :D boom.

          • J-DIZZL3

            WORD

          • Guest

            Again, you’re not as bad as the other guy. You can actually spell and complete sentences. This gentlemen is obviously an adult unlike BCSC.

          • bcsc

            Next time I come through Cali, ill be sure to stop by 945W Wabash and say hi. Its gotta be hard to pretend to be successful when you open your mouth so much that I can find any detail about you. Pro tip for you, if you want to seem a bit more respectable, you’d hide the 4 google+ , 3 facebook, 2 myspace, and and 15 other accounts that make you look like a jack a$s. Maybe then someone will take you serious. To discuss this more should I call 3343832 or the 206 number?

          • Guest

            Fail at doxing again. LOL My info is public sir. LOLOLOLOLOLOL nice attempt though. I simply like to change emails quite often. And you actually missed quite a few accounts. Make that 7 Facebook accounts. 1 myspace 1 new myspace and like 7 google+ accounts that’s it. If you’re going to attempt at doxing, tell me some info that I don’t already know. LOLOLOLOLOLOL skid from HF ahahahahahaahahahahah. Name my main email. ;) Oh snap, you can’t ;) those emails are shells, that number is a google voice shell, address is real for various reasons. It looks like you’ve failed sir. And I don’t have a 206 number super fail. LOLOLOLOLOLOLOL. You sir only proved that you can use google LOLOLOLOLOL. Show me some real doxing skills skid.

          • bcsc

            Your father is Ron Brown. Your mother is Tarina. She runs a nice little track club. Very sweet. The thing is, that your mouth opens you to a world of possibility. A well written letter to WTS (Why anyone would pay for a desk is beyond me) informing them of your recent conviction as a sexual predator, may be tough to explain. Hell, never mind what I could send to a school in America with your name address and phone number on it. Information is gold and you have wayyyy too much out there. Can you believe that this all stemmed from you being a douche and spelling iOS wrong? Best of luck in the markets son. You’re gonna need a lot of help in your future.

          • Damani Brown

            Seems like you’re terrible at doxing LOLOLOLOL. You don’t pay to trade at WTS. What an idiot. Sexual predator, way off LOLOLOLOL, and my information. You don’t have enough information to forge documents. My information is pretty beast isn’t it? I’m a beast aren’t I? Let the world know how much of a beast I am in track. ;) All you did was find public information.

            Come on man, give me some private information. I can find all this info using google. You don’t impress me I’m from HF, you did what every other skid does on HF. Lol what a noob. You’ve only pulled information that I put out there myself. I’m well aware of the information out there, I put it there for a reason. Now, stop using google and start cracking. ;) give me some “real” information. LOLOLOOLOLOLL I bet you thought this public info would impress me. xD Kid is probably running a cheap Windows PC. LOLOLOLOLOLOLOLOLOLOL

          • Noneya

            You’re pretty lame. Never heard of anyone quote a movie. I have however heard of people quote actors in a movie. FYI= Troy was a movie. Achilles was a character in the movie Troy played by Brad Pitt.

            Should read

            …. IS THERE NO ONE ELSE!
            IS THERE NO ONE ELSE!!!! “Brad Pitt (Troy)”

            You’re welcome.

          • Guest

            You’re an idiot with the name “none ya” LOLOLOOL GTFO skid.

            “IS THERE NO ONE ELSE!!!!” – Achilles

            What an idiot. Can’t even correct a quote correctly. But, what can you expect from a name “None ya” lOLOLOLOLOLOLOLOLOLOL Classic own. Thanks for the laugh kid. You can’t hang with the big boys. It was a nice troll attempt though.

          • bcsc

            Again, ‘Is there no one else?’ Is a question. You can’t even quote correctly never mind correct a quote correctly. And its still iOS.

          • Noneya

            Proved my point. Someone as “smart” as you had to come on here and second guess his previous quote based of off comment made by a user named Noneya. Shows how simple minded you are that you couldn’t even stand behind your own post. You had to come back and re-read your post. You found the obvious mistake tried to correct it with another post and still failed at it. You cant even LOL correctly. What a shame.

          • bcsc

            that would be ??? not !!!

          • bcsc

            Did you just call me owned. That’s rich, you know, historically speaking, of course…

          • Guest

            Flip are you talking about skid? Why would I call you owned. o_O guy is too retarded to know what owned means? This is worse than I thought.

          • bscs

            Whoops, did I forget forget to leave BCSC there. By owned I meant cotton field owned. Not put in your place owned. Figured you saying ‘owned’ was the pot calling the kettle, well you know, don’t you.

          • Guest

            Dude, seriously you need to take MANY more English classes. My god…

          • Damani Brown

            You sir are an idiot. I can out trade you in stock options any day kid. LOLOLOLOLOL. Probably don’t even know what a stock option is… shame. Kid gets paid $8 an hour and thinks he’s tough on the internet. LOLOLOLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLOLOLOOLOLOLOLOLOLOL

          • bcsc

            I bet you can, That’s probably any one of your 4 Linkedin accounts has max 1 connection. Probably has something to do with how well you’ve engrained yourself into the market. Yup. Judging by you’re wannabe gangsta image, I’d say you’re just some punk in the ghetto tryin to floss for respect. Seems you got the hood mantra sorted with your post history. Keep up the big deals in the market Homes.

          • Guest

            I guess wearing a suit is pretty “gangster” let me know when you get on wall street kid. Learn to how to read the tape, beat the HFT, Marketmakers, and Hedgefund manipulation. Let me know when you learn how to day trade some stock options. I make more then you make a year in a month. LOLOLOLOLOLOLOL Let me know when you get your Series 56, and your Series 7 bud…. if you can pass the exam LOLOLOLOLOLOL. Get back to work at Mc Donalds LOLOLOLOLOLOLOL. You sir, amuse me. Even my students Zach, and Andrew, are making more money than you. LOLOLOLOLOLOLOL Probably even more than your parents LOLOLOLOLOLOLOL Kid fails at doxing. Probably a skid from Hackforums. LOLOLOLOLOLOLOL you jelly bro? Going to fire up your booter and DDOS me offline? hahahaha skid. Kid is probably a brony, go watch your little pony show to make you feel better. LOLOLOLOLOL. Again, you’ve been owned.

          • bcsc

            Yes, you do sound fantastic. Making 25k before breakfast and all that. Lets see. You are 23 and claim to be some phenomenal investment banking wizard with students. yet you have nothing except a couple coined terms to back it up. In reality though, a simple search on you points to the opinion that you are no more than a jerk off student living off of his parents, setting up web accounts in an attempt to impress people. If you want to look good at least get rid of the resume stating you worked a taco stand at track meets. if you want to claim volunteer work do something useful. You’re gonna have a tough road ahead, when employers start digging into your history. I mean look at what I could find in an hour. Unless of course you think Myspace pages for the sole purpose of befriending classless girls, and flickr accounts with hefty skanks pics is appealing to employers. On another note, how did such an amazing stack guy with infinite amounts of money let his website slip?

          • bcsc

            On second thought. Maybe I’ll head over to godaddy and snap up the .org .info and .net domains, that your cheap, unprofessional ass was too dumb to add on for 15 bucks. I could do fun things with these.

          • Guest

            Go snag them up for 15 skid. You don’t buy all of them for a personal domain. Guess you didn’t learn that in school? LOLOLOLOLOLOLOL. Yes, you can do many fun things but not too fun as you’ll run into a few legal issues ;) LOLOLOLOLOLOLOLOLOLOLOLOLOL

          • Guest

            I’m 23? LOLOLOLOLOLOLOLOLOLOLOLOLLLLOLOL Snacks are delicious. I have 4 students ;) 3 making money, coined terms? don’t think so. A taco stand? I believe it’s called a “snack bar” I guess kid never played sports. LOLOLOLOLOLOL that was volunteer work that I didn’t even work at because I had to compete ;) I won… as usual.

          • bcsc

            Out of curiosity, if I’m so wrong and you aren’t a complete POS, why are you starting to delete accounts? Lets call it what it is, you’re finally realizing that you do look like a clown.

          • Guest

            BTW FIX YOUR GRAMMAR! WTF MAN. YOU HAVE TO BE KIDDING ME!!!!!!!!!!!!! Re-read what you wrote and list your errors. My god, what do they teach these kids now-a-days?

          • Noneya

            So what does it stand for when related to iPod or iPad since they are not phones? Even in your own attempt to explain the abbreviation of iPhone Operating System you failed. “I.O.S (iPhone Operating System)” should read i.O.S (iPhone Operating System) you take the first letter of every word to make the abbreviation. Example = STFU. :-)

          • bcsc

            Maybe you could have gone to a reputable College and you would have learned this. Chaffey is just so……community.

          • Damani Brown

            University of Northridge?

  • Denzu

    What if they want to keep the other exploits for ios 7?

  • silencer

    Just don’t update your Iphone….keep it at ios 6.1…..

    • moe22

      its hard for the simple to see that.

  • ready0s

    first flaw & stupid we all just did was actually believe i0n1c before planetbeing or pod2g or pesmesks or w/e the name confirms that there was another patch till then i0n1c will troll

  • AT&T Rapes Me

    Hope they wait til at least 7.0..these are all bs updates apples is pushing out, so no need to really upgrade

  • draino

    can someone find where stefan esser lives and slap him silly in front of all his friends and family!

  • Jays_on

    So should we update to 6.1.2?

  • Bryan

    JBed my Ipad 2 on 6.0.1 . It crashed and accidentally loaded 6.1.3. Stupid mistake. Apple’s strategy to block ppl to use any FW is dumb. Also this is thr only OS which doesn’t have file browser and forces ppl to JB.