iOS 6.1.3 Beta 2 Released to Developers

[Anthony Bouchard]

Apple Thursday afternoon seeded iOS 6.1.3 beta 2 to iOS developers for testing. iOS 6.1.3 beta 2 is the second beta of the iOS 6.1.1 beta that was seeded to developers a couple of weeks ago, although it has been renamed because the latest version of iOS is currently iOS 6.1.2 and iOS 6.1.1 was the chosen name for a hot-fix on the iPhone 4S.

iOS 6.1.3 includes all of the improvements to the Maps application that were included in the iOS 6.1.1 beta, including the additional support for Japan, optimized directions, and improved road pronunciation as pointed out by 9to5Mac.

In today’s beta version, iOS 6.1.3 appears to have fixed the iOS 6.1 lock screen security issue that could allow someone to bypass your passcode and access information such as your contacts, photos, phone history, and more. Apple made an official comment about the security issue, saying "Apple takes user security very seriously. We are aware of this issue, and will deliver a fix in a future software update."

It is not yet known if the update patches the evais0n jailbreak. It is recommended that users avoid the update when it is released to the public until hackers have made an official announcement on what to do. Being that the update is only in the second beta, it probably has a while to go still before it hits the public's hands.

Sources: 9to5Mac

[MXCO]

I say it'll be out by next Friday. But damn really 3 software updates in a month?

[WithinTemptationFan]

What's up with all these updates??

[gotgbus]

Apple be facking up lol

[NewdestinyX]

These are legitimate updates for problem issue. My how quickly we forget. Doesn't everyone remember 4.2.1, 4.2.2 ----> 4.2.8!! Then 4.3--> 4.3.3.. This is pretty typical for Apple. Only getting up to 5.1.1 last time was the oddball.

[Jato_BZ]

What's up with all these updates??

Hidden agendas???

[csglinux]

It will be interesting to see what Apple does in the final release of 6.1.3. They have a chance to be nice guys here and patch only the security holes.
The evasi0n jailbreak isn't a security threat, since you need the passcode lock (and any password for an encrypted backup) disabled.

Patching the jailbreak would only spoil the fun for a large number of Apple fans, who also happen to enjoy jailbreaking. I wonder if Apple can afford to do that right now?

[Anthony Bouchard]

It will be interesting to see what Apple does in the final release of 6.1.3. They have a chance to be nice guys here and patch only the security holes.
The evasi0n jailbreak isn't a security threat, since you need the passcode lock (and any password for an encrypted backup) disabled.

Patching the jailbreak would only spoil the fun for a large number of Apple fans, who also happen to enjoy jailbreaking. I wonder if Apple can afford to do that right now?

In Apple's eyes, the exploits used to jailbreak are security holes. If the evad3rs can generate a tool that can run third-party code on an iPhone, so can a malicious hacker. That being said, they will probably be patched.

[Simon]

These are legitimate updates for problem issue. My how quickly we forget. Doesn't everyone remember 4.2.1, 4.2.2 ----> 4.2.8!! Then 4.3--> 4.3.3.. This is pretty typical for Apple. Only getting up to 5.1.1 last time was the oddball.

4.2.8 wasn't in the same line of updates as 4.2.1 and 4.2.2. It was a Verizon iPhone only firmware. You are spot on with 4.3>4.3.5. If I recall the untethered jailbreak that came with 4.3 wasn't patched until 4.3.3 very similarly to the jailbreak now. That was when i0nic provided the untether and had his 15 minutes of jailbreak fame.

[WhyNotCallMeRo]

Can I download this somewhere without dev. Account?
I want the blob

[GrumpySod]

Apple playing a game of cat and mouse with the jailbreak! Will they/won't they fix it! Or maybe they have tried and failed lol

[dazdaman80]

I don't believe there is any cat and mouse game going on here, if apple could patch the exploit with an update, they would have by now, the fact that they haven't suggests they cant pinpoint the hole. I agree with Anthony's comment above, an exploit is a security flaw and they must be seen to eliminate any kind of hole in the softwares code.

[csglinux]

I don't believe there is any cat and mouse game going on here, if apple could patch the exploit with an update, they would have by now, the fact that they haven't suggests they cant pinpoint the hole. I agree with Anthony's comment above, an exploit is a security flaw and they must be seen to eliminate any kind of hole in the softwares code.

Respectfully, you're wrong on at least one point. Even if you don't rate Apple's own security capabilities, the exploits used in Evasi0n were plastered all over the internet by independent security researchers within 24 hours of its release. Apple knows exactly where the holes are. They're either waiting because they want to make 100% sure their patches are watertight, or (just maybe - for whatever reason) they aren't in such a rush to patch it.

I also have to disagree about evasi0n being a security hole. If a third party asked you to plug your iphone in to your computer, take off the password and run their software on your PC, whilst tapping certain icons that magically appeared on your phone, would you do it? If you're really that gullible, please PM me your SSN and bank account number.

[Anthony Bouchard]

I also have to disagree about evasi0n being a security hole. If a third party asked you to plug your iphone in to your computer, take off the password and run their software on your PC, whilst tapping certain icons that magically appeared on your phone, would you do it? If you're really that gullible, please PM me your SSN and bank account number.

It's a massive security hole – it allowed third party code to get into your device didn't it?

Granted evasi0n asks you if you want to jailbreak and doesn't do anything until you click jailbreak, but a malicious hacker trying to steal your information might not be as kind as to ask if you want to run the third party code or not. They might just do it behind the scenes when you plug your device in.

Evasi0n itself isn't the security hole. It's the security holes that led to evasi0n being possible that Apple needs to fix to secure their system, and that's exactly why they patch the jailbreak constantly. They don't see a jailbreak as fun, like we all do, because the jailbreak hackers are exploiting the security holes.

A good example of the situation I'm trying to explain is the JailbreakMe 3.0 Web site for iOS 4.3. Remember when comex released a jailbreak tweak that patched the PDF exploit after the jailbreak used it? He did this because if he didn't, other non-JailbreakMe Web sites could have exploited the same security hole and installed malware on your device.

[csglinux]

It's a massive security hole – it allowed third party code to get into your device didn't it?

Granted evasi0n asks you if you want to jailbreak and doesn't do anything until you click jailbreak, but a malicious hacker trying to steal your information might not be as kind as to ask if you want to run the third party code or not. They might just do it behind the scenes when you plug your device in.

Evasi0n itself isn't the security hole. It's the security holes that led to evasi0n being possible that Apple needs to fix to secure their system, and that's exactly why they patch the jailbreak constantly. They don't see a jailbreak as fun, like we all do, because the jailbreak hackers are exploiting the security holes.

A good example of the situation I'm trying to explain is the JailbreakMe 3.0 Web site for iOS 4.3. Remember when comex released a jailbreak tweak that patched the PDF exploit after the jailbreak used it? He did this because if he didn't, other non-JailbreakMe Web sites could have exploited the same security hole and installed malware on your device.

I agree with you about PDF exploits, but USB/backup exploits are different because they can't get in unless you take off those password/passcode locks. Just leave an encrypted backup on your home machine and don't plug your device into strange machines. (Everybody should be following that practice anyway.)

[Orby]

It is worth noting that evasi0n and its related exploits require:

1) Physical access to the device--no remote initiation or execution here.
2) A compromised computer the user is connected to via USB--evasi0n doesn't install itself on the iPhone.
3) Passcodes disabled--the USB code execution can't start if the device is still locked down and refusing USB connections.
4) Getting the user to open a particular application on the device after the USB code execution has completed.

Needless to say, it'd have to be a pretty complicated phish or trojan program to get a user to unwittingly dance through all those steps. Apple does not have the same sense of urgency that a remote-execution program (with no user intervention needed, vis-à-vis JBME "Star" or "Saffron") would necessitate.

However, a security hole is a security hole, and evasi0n at its core totally defeats the entire userspace and kernel's security systems and allows for total root privileged access and unsigned code execution across the device.

[Anthony Bouchard]

I agree with you about PDF exploits, but USB/backup exploits are different because they can't get in unless you take off those password/passcode locks. Just leave an encrypted backup on your home machine and don't plug your device into strange machines. (Everybody should be following that practice anyway.)

There are also a lot of people that don't use passcodes, or there could be a number of people that use passcodes but might leave their device unlocked on their desk while they get sidetracked to do something else.

There are a lot of strange situations that could happen, but for the most part you're spot-on with the fact that the exploits evasi0n itself uses could only be used maliciously in strange or non-likely situations. The possibility of these strange situations, while potentially unlikely, is the awareness I'm trying to bring.

Also another thing that could be considered is that the evasi0n team say they have even more exploits that they've saved for future firmware updates. Who's to say that a malicious hacker wouldn't use those exploits or similar ones instead of all of the ones evasi0n uses? These are the predictions Apple has to take into consideration when they secure iOS.

Anyway, good conversation.

[csglinux]

There are also a lot of people that don't use passcodes, or there could be a number of people that use passcodes but might leave their device unlocked on their desk while they get sidetracked to do something else.

At the risk of stating the obvious... If somebody leaves their device lying around without a passcode lock, I don't need complicated jailbreak exploits to compromise their data :-)

I understand why Apple will one day patch this, but I hope (as Orby says) they don't consider this one too urgent.

[letmusicring]

Why are people upset about lots of updates?

Apple is quickly finding and fixing problems. Would you rather there be a problem and have them take forever to fix it?

[d_animality]

Why are people upset about lots of updates?

Apple is quickly finding and fixing problems. Would you rather there be a problem and have them take forever to fix it?

because i think Apple is trying to patch evasion... that's why we're complaining