Apple fixes 3 security flaws used by Pangu jailbreak in iOS 8.1.1; credits Pangu Team



Apple today released iOS 8.1.1 with bug fixes and performance improvements. The release also comes with a number of security fixes, including patches for the vulnerabilities exploited by the Pangu jailbreak.

The Pangu team confirmed that iOS 8.1.1 kills the Pangu jailbreak, and in a security document, Apple confirmed this as well.

The company lists three security patches in iOS 8.1.1 that were related to unsigned code execution, and credits @PanguTeam for discovering them. The vulnerabilities were in the kernel, dyld, and sandbox profiles.

Another security fix in the iOS 8.1.1 update closes a privacy loophole that could let an unauthorised user view and send photos from the lock screen.

Here are the details about the vulnerabilities:

dyld

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A local user may be able to execute unsigned code

Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed through improved validation of segment sizes.

CVE-ID

CVE-2014-4455 : @PanguTeam
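
The dyld entry above attributes the bug to Mach-O files with overlapping segments and the fix to stricter validation of segment sizes. As an added example (not Apple's code and not dyld's actual fix, which the advisory does not detail), this Python check reads the LC_SEGMENT_64 commands of a little-endian 64-bit Mach-O and reports out-of-range sizes and overlapping VM or file ranges. The function names and the sample inputs from `build_sample` are constructed for illustration.

```python
import struct
from itertools import combinations

MH_MAGIC_64, LC_SEGMENT_64 = 0xFEEDFACF, 0x19
HEADER = struct.Struct("<8I")               # mach_header_64
SEGMENT = struct.Struct("<II16sQQQQiiII")   # segment_command_64

def parse_segments(data):
    """Return (name, vmaddr, vmsize, fileoff, filesize) per LC_SEGMENT_64."""
    if len(data) < HEADER.size or HEADER.unpack_from(data)[0] != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O")
    ncmds, sizeofcmds = HEADER.unpack_from(data)[4:6]
    off, end = HEADER.size, HEADER.size + sizeofcmds
    if end > len(data):
        raise ValueError("load commands extend past end of file")
    segs = []
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, off) if off + 8 <= end else (0, 0)
        need = SEGMENT.size if cmd == LC_SEGMENT_64 else 8
        if cmdsize < need or off + cmdsize > end:
            raise ValueError("bad cmdsize")
        if cmd == LC_SEGMENT_64:
            f = SEGMENT.unpack_from(data, off)[2:7]
            segs.append((f[0].rstrip(b"\0").decode("ascii", "replace"), *f[1:]))
        off += cmdsize
    return segs

def overlaps(s1, n1, s2, n2):
    """True if two non-empty half-open ranges intersect."""
    return n1 > 0 and n2 > 0 and s1 < s2 + n2 and s2 < s1 + n1

def find_problems(data):
    """List segment-layout problems: bad sizes and overlapping ranges."""
    segs, out = parse_segments(data), []
    for name, vmaddr, vmsize, fileoff, filesize in segs:
        if vmaddr + vmsize > 1 << 64 or fileoff + filesize > len(data):
            out.append(f"{name}: size out of range")
    for a, b in combinations(segs, 2):
        if overlaps(a[1], a[2], b[1], b[2]):
            out.append(f"{a[0]}/{b[0]}: vm ranges overlap")
        if overlaps(a[3], a[4], b[3], b[4]):
            out.append(f"{a[0]}/{b[0]}: file ranges overlap")
    return out

def build_sample(segs, size=0x4000):
    """Constructed test input: header plus one LC_SEGMENT_64 per tuple."""
    cmds = b"".join(SEGMENT.pack(LC_SEGMENT_64, SEGMENT.size, *s, 7, 5, 0, 0) for s in segs)
    hdr = HEADER.pack(MH_MAGIC_64, 0x0100000C, 0, 2, len(segs), len(cmds), 0, 0)
    return (hdr + cmds).ljust(size, b"\0")
```

A zero-length file range, as `__PAGEZERO` normally has, is not counted as overlapping anything.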

Kernel

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A validation issue existed in the handling of certain metadata fields of IOSharedDataQueue objects. This issue was addressed through relocation of the metadata.

CVE-ID

CVE-2014-4461 : @PanguTeam

Sandbox Profiles

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A malicious application may be able to launch arbitrary binaries on a trusted device

Description: A permissions issue existed with the debugging functionality for iOS that allowed the spawning of applications on trusted devices that were not being debugged. This was addressed by changes to debugserver’s sandbox.

CVE-ID

CVE-2014-4457 : @PanguTeam

We’ll have to wait and see how much time it will take the Pangu Team to jailbreak iOS 8.1.1 now that most of the vulnerabilities used in the Pangu jailbreak have been fixed.

It goes without saying that jailbreakers should avoid upgrading to iOS 8.1.1 and be extremely careful while installing jailbreak tweaks.

[via Apple]


  • BMWIIIMPower

    dang… missed my window for updating my ipad jailbreak to ios8. Do you know if they’re still signing ios 8.1?

    • untzuntz

      no official word has been given whether the signing window for 8.1 is closed. generally apple doesn't usually stop signing previous versions right away. so i would ASSUME you're safe, but not 100% sure. i'd try to update it to 8.1 right now with shift + restore, if you're on windows.

      • BMWIIIMPower

        yea, I might give it a try tonight and see what happens. Thanks

        • Jay A whY

          I just did a restore w/ iOS 8.1!.. Apple is still signing it, better hurry up before the window closes!

    • Gautam

      Apple is still signing iOS 8.1, so you can still upgrade to it.

  • FaecalWilliam

    Oh that’s OK. The heroic evaders team will come to the rescue. I’m sure they’ll release a new JB within ten years — but only after endless tweets and a series of pointless “progress updates.”

    • Dusek88

      Dang, that’s cold lol

    • Roger Caron

      Or Pangu will release jailbreak after jailbreak, ultimately ruining jailbreaking forever, just so you whiners can get your precious jailbreak right now!!! Blow me!!!

  • Apel P

    Haha, did I read that right? Apple credited the Pangu team?

    • Gautam

      Yeah, Apple has done that before.

  • Ethan Barker

    Still chilling here on ios 7.1.2 🙂
    (iPad 2)

    • Lance Garvey

      iOS8 is pretty nice, you would appreciate upgrading to it. I use my iPad as a GPS and absolutely LOVE “Hey Siri!”

      Then again, you’re on an iPad 2. Dunno what performance is like on that device.

      • Ethan Barker

        Performance is the only reason I’m staying back. Apple did improve a lot, but it’s not that big of an update. I updated to 1.8 and it was so slow. Safari crashed and took 3-4 times as long to load. I quickly reinstalled iOS 7 before Apple stopped signing it and boy I’m so happy. iOS 8.1.1 was supposed to improve speed, but I watched a video and it was exactly the same except for calendar and boot up took even longer!

  • Borz

    Cool. How about fixing the wifi issue?

  • IOS Fan

    The Pangu jb keeps getting stuck on the apple logo when I shut down. Have to keep restoring my iPhone 6+. I guess I will try a few more times or wait it out for another jb.