Apple Thanks PanguTeam for Exposing iOS Flaw, Kills Their Jailbreak

Status
Not open for further replies.

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
This week, Apple pushed out two important updates for the masses, one of which increments the iPhone’s underlying software to version 8.1.1. It brings just a handful of code corrections, including a few security fixes.

High on that list of fixes is a patch for Sandbox Profiles which, according to Apple, affects iPhone 4s and later, iPod touch (5th generation) and later, and every iPad starting with the second-generation model.
The “Pangu” bug
“A malicious application may be able to launch arbitrary binaries on a trusted device,” reads the description.

As usual, the Mac maker offers a more detailed explanation of what’s going on in this particular area of the mobile OS. So, it states that “A permissions issue existed with the debugging functionality for iOS that allowed the spawning of applications on trusted devices that were not being debugged.”

The company concludes saying that it addressed the issue by making changes to the debugserver's sandbox, leaving everyone (except a few security experts) scratching their heads.

But you don’t need to be a hacking guru or a security buff to know what the deal is with this particular vulnerability. At the very bottom of the bug’s description lies the bug’s ID and the party credited for the discovery of the flaw: "@PanguTeam."

It's the flaw that made the Pangu jailbreak possible.
iOS 8.1.1 kills the jailbreak
The only reason Apple is mentioning this flaw in the iOS 8.1.1 security advisory is that the new firmware patches it, killing the jailbreak in the process.

In other words, if someone wielding a Pangu-jailbroken device goes and installs iOS 8.1.1 today, the moment the new firmware finishes installing they will have lost their jailbreak. At this point, it isn’t clear if users are able to downgrade to an older version of iOS 8 and re-jailbreak.
About the Pangu Team
The Pangu team is a group of hackers from China who, for the past two years, have made it their business to jailbreak Apple’s iOS.

In the absence of veteran hackers like MuscleNerd and Pod2g – who have recently undertaken more serious affairs after proving their skills in the jailbreak battlefield – the Asians decided to take matters into their own hands and continue the practice of hacking Apple’s mobile operating system.

Pangu is at its second major release, and it can jailbreak iOS 7 and iOS 8 devices without compromising their functionality. Currently, the tool only goes as far as iOS 8.1, and there’s no word on their site or their Twitter feed regarding a possible update to support iOS 8.1.1

:D
 
  • Like
Reactions: Adhit Prakosho
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top