November 22, 2024
Apple Credits PanguTeam With Discovering Three Security Vulnerabilities in iOS 8

Apple Credits PanguTeam With Discovering Three Security Vulnerabilities in iOS 8

Posted November 18, 2014 at 4:19am by iClarified
Apple has credited the PanguTeam with discovering three security vulnerabilities in iOS 8.

Earlier today, Apple posted a support document detailing the security content of iOS 8.1.1. In that document, PanguTeam is credited for finding a Dyld, Kernel, and Sandbox Profile vulnerability.

Dyld
● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
● Impact: A local user may be able to execute unsigned code
● Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed through improved validation of segment sizes.
● CVE-ID: CVE-2014-4455 : @PanguTeam


Kernel
● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
● Impact: A malicious application may be able to execute arbitrary code with system privileges
● Description: A validation issue existed in the handling of certain metadata fields of IOSharedDataQueue objects. This issue was addressed through relocation of the metadata.
● CVE-ID: CVE-2014-4461 : @PanguTeam

Sandbox Profiles
● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
● Impact: A malicious application may be able to launch arbitrary binaries on a trusted device
● Description: A permissions issue existed with the debugging functionality for iOS that allowed the spawning of applications on trusted devices that were not being debugged. This was addressed by changes to debugserver's sandbox.
● CVE-ID: CVE-2014-4457 : @PanguTeam

Since Apple has identified the exploits used by PanguTeam, the iOS 8.1.1 firmware update kills the Pangu8 jailbreak.

At this time it's unclear if the PanguTeam have any more exploits up their sleeve but you should follow iClarified on Twitter, Facebook, or RSS for updates.


Read More


Apple Credits PanguTeam With Discovering Three Security Vulnerabilities in iOS 8

Apple Credits PanguTeam With Discovering Three Security Vulnerabilities in iOS 8

Apple Credits PanguTeam With Discovering Three Security Vulnerabilities in iOS 8
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (13)
You must login or register to add a comment...
Rajesh kumar
Rajesh kumar - November 23, 2014 at 3:14pm
Latest news on apple products. How to tutorials , how to videos, how to jailbreak, how to install tweaks, how to get cracked apps and much more, please visit www.iphoneclinic.net
Mike Power
Mike Power - November 18, 2014 at 9:31pm
so Apple spends millions on engineers and the hackers are the one that are really working, I would fire everybody period. and pangu get no money whatsoever.
juggalojuggalo
juggalojuggalo - November 18, 2014 at 7:43pm
I'd say the majority of new iOS features originated in the jailbreak community: widgets, notifications, foldlers, etc...
Jackson Browne
Jackson Browne - November 18, 2014 at 8:49pm
Nonsense. The majority of 'new' iOS features originated long before the iPhone ever existed. They were simply copied from older devices, such as Palm Pilots. they may have first appeared on iPhones that were jailbroken, as the jailbreak community was willing to be the guinea pigs testing the ideas on iOS. they were hardly original ideas.
sicko
sicko - November 18, 2014 at 6:25pm
The way i see it jailbreaking makes the software stronger against viruses etc. jailbreak finds problems. Apple fixes them. sprobably saves them time and money tryin to find them.
1
ywhat
ywhat - November 18, 2014 at 4:54pm
@iswingbothways. I agree that Apple should allow jb but it wouldnt help them make more $. Pirating is linked to jb'ing. What Apple should do is take certain cydia tweaks like swipeselection pro and incorporate that into ios also allow Safari downloads of all filetypes. Increase User experience will diminish the need for jailbreak. I jealbreak for tweaks not free apps
MUKAI
MUKAI - November 18, 2014 at 7:43am
They snitched!
iProService
iProService - November 18, 2014 at 4:31am
Considering the speed with which Pangu was released for iOS 8.0-8-1, one might presume they've another set of exploits ready to go. But alas, in this game of cat and mouse, who knows. At least we can still unlock the iPhones with relative ease these days. ;-)
areilly111
areilly111 - November 18, 2014 at 5:12am
I just wish Apple would realize the potential and how much money they could make just by making jail breaking the users decision and not block it.
areilly111
areilly111 - November 18, 2014 at 6:08am
They wouldn't really loose money they make a good majority of their miney on hardware sales and not much on software. And piracy is a problem on every platform like android, windows, OS X , ect... you can even install cracked apps on a non-jailbroken device so if that's all your going do why not do it the easier way without jailbreaking. If they were smart they would leave the choice of jailbreaking/unlocking to the users and advertise the shit out of it instead of adding all these features thats some people may not want. let the user create their own environment like android users have been doing for years now. Just because it's closed sourced doesn't mean it can't be customizable.
Jorgee
Jorgee - November 18, 2014 at 6:41am
If they don't block it, then they Can be sued/owe royalties by anyone it affects.. Ex Nintendo (gba,nes,n64) and their secure operating system that they are known for would not be soo secure... Eventually.
areilly111
areilly111 - November 18, 2014 at 2:04pm
@Jorgee what are you thing about paying royalties? Android has all the same emus so does windows they don't and can't get sued because it's not there code the emulates.
JuergenWest
JuergenWest - November 18, 2014 at 9:36pm
Jailbreaking is both good and bad. It expands the potential of the software, but opens pandora's box to piracy. Piracy is bad and a thorn in everyone's butt. However all of Apple's music and app sales only account for less than 1% of their revenue, so to say it kills them is nonsense. Regardless, the jailbreak community does not condone piracy as it affects the income of both Apple app and jailbreak tweak developers.
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
Where to Download macOS Sequoia
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.
DEALS