  • Pangu Jailbreak Team Credited by Apple for Security Improvements in iOS 8.1.1


    Apple has published a page on its Web site documenting the security improvements in the newly released iOS 8.1.1 for its mobile devices, an update that patches the Pangu8 jailbreak for iOS 8.

    On the page, Apple credits @PanguTeam for finding and exploiting these vulnerabilities, which are now patched in iOS 8.1.1:

    Quote Originally Posted by Apple
    dyld

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: A local user may be able to execute unsigned code

    Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed through improved validation of segment sizes.

    CVE-ID

    CVE-2014-4455 : @PanguTeam

    Kernel

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: A validation issue existed in the handling of certain metadata fields of IOSharedDataQueue objects. This issue was addressed through relocation of the metadata.

    CVE-ID

    CVE-2014-4461 : @PanguTeam

    Sandbox Profiles

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: A malicious application may be able to launch arbitrary binaries on a trusted device

    Description: A permissions issue existed with the debugging functionality for iOS that allowed the spawning of applications on trusted devices that were not being debugged. This was addressed by changes to debugserver's sandbox.

    CVE-ID

    CVE-2014-4457 : @PanguTeam

    Apple credits the PanguTeam with the vulnerabilities fixed in dyld, Sandbox Profiles, and the Kernel. The update also includes other security patches that are credited to developers other than the PanguTeam.

    Beyond the security updates, all that iOS 8.1.1 really did was improve stability on the iPad 2 and iPhone 4s. Jailbreakers have more to gain by staying on iOS 8.1.
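
The dyld entry quoted above says the fix was "improved validation of segment sizes" for Mach-O files with overlapping segments. As an added illustration (not Apple's patch and not code from the original article), here is a generic static check of that kind: it parses the segment load commands of a thin little-endian Mach-O and reports overlapping or out-of-bounds segment ranges. The function names and the two sample files are constructed for this example.

```python
import struct

# magic -> (header size, segment command id, layout of name + vmaddr/vmsize/fileoff/filesize)
LAYOUT = {0xFEEDFACE: (28, 0x1, "<16s4I"), 0xFEEDFACF: (32, 0x19, "<16s4Q")}

def parse_segments(data):
    """Return (name, vmaddr, vmsize, fileoff, filesize) per segment of a thin LE Mach-O."""
    if len(data) < 28 or struct.unpack_from("<I", data)[0] not in LAYOUT:
        raise ValueError("not a thin little-endian Mach-O")
    hdr_size, seg_cmd, fmt = LAYOUT[struct.unpack_from("<I", data)[0]]
    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)
    end, off, segs = hdr_size + sizeofcmds, hdr_size, []
    if end > len(data):
        raise ValueError("load commands run past end of file")
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, off) if off + 8 <= end else (0, 0)
        need = 8 + struct.calcsize(fmt) if cmd == seg_cmd else 8
        if cmdsize < need or off + cmdsize > end:
            raise ValueError("load command size out of bounds")
        if cmd == seg_cmd:
            name, *nums = struct.unpack_from(fmt, data, off + 8)
            segs.append((name.rstrip(b"\0").decode("ascii", "replace"), *nums))
        off += cmdsize
    return segs

def overlaps(ranges):
    """Name pairs whose non-empty [start, start+size) ranges intersect a sorted neighbour."""
    live = sorted((s, s + n, nm) for nm, s, n in ranges if n)
    return [(a[2], b[2]) for a, b in zip(live, live[1:]) if b[0] < a[1]]

def validate(data):
    """Layout problems that should make a loader refuse the file before mapping it."""
    segs, problems = parse_segments(data), []
    for name, _, vmsize, fileoff, filesize in segs:
        if filesize > vmsize or fileoff + filesize > len(data):
            problems.append(f"{name}: file range exceeds vmsize or file length")
    for kind, i in (("vm", 1), ("file", 3)):
        for a, b in overlaps([(s[0], s[i], s[i + 1]) for s in segs]):
            problems.append(f"{a}/{b}: overlapping {kind} ranges")
    return problems

def build_sample(segs, size=0x3000):
    """Constructed test input: 64-bit header + LC_SEGMENT_64 commands, zero padded."""
    cmds = b"".join(struct.pack("<II16s4Q4I", 0x19, 72, n.encode(), *r, 0, 0, 0, 0) for n, *r in segs)
    hdr = struct.pack("<8I", 0xFEEDFACF, 0, 0, 2, len(segs), len(cmds), 0, 0)
    return (hdr + cmds).ljust(size, b"\0")

GOOD = build_sample([("__TEXT", 0x100000000, 0x1000, 0, 0x1000), ("__DATA", 0x100001000, 0x1000, 0x1000, 0x1000)])
BAD = build_sample([("__TEXT", 0x100000000, 0x2000, 0, 0x1000), ("__DATA", 0x100001000, 0x1000, 0x1000, 0x1000)])
```

`validate(GOOD)` returns an empty list, while `validate(BAD)` flags the `__TEXT` segment whose virtual range runs into `__DATA`.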

    Sources: Apple
    This article was originally published in forum thread: Pangu Jailbreak Team Credited by Apple for Security Improvements in iOS 8.1.1 started by Anthony Bouchard
    30 Comments
      djaquapimp -
      I highly doubt they'll ever be able to fully plug all the holes. Team pangu will pwn it soon enough!
      Anthony Bouchard -
      Quote Originally Posted by djaquapimp View Post
      I highly doubt they'll ever be able to fully plug all the holes. Team pangu will pwn it soon enough!
      Oh absolutely, there's no plugging ALL the holes

      Software 101.
      bigboyz -
      Funny how they have never singled out a Dev before this JB. On one end they are fighting the JB community and now they are giving props? Too funny.
      Anthony Bouchard -
      Quote Originally Posted by bigboyz View Post
      Funny how they have never singled out a Dev before this JB. On one end they are fighting the JB community and now they are giving props? Too funny.
      They've credited the evad3rs before in the past.
      Scotty Manley Silberhorn -
      Quote Originally Posted by bigboyz View Post
      Funny how they have never singled out a Dev before this JB. On one end they are fighting the JB community and now they are giving props? Too funny.
      They have actually. This is just the first time they've mentioned pangu because this is the first time they've ever patched their jailbreak.
      TDH Advocate -
      I'm really hoping the Pangu team waits until 8.2 or 8.3 for the next jailbreak tool as they are going to be larger updates that will require a few smaller fixes each time. If they release one for 8.1.1 then Apple will fix it by 8.2.

      Edit: 8.2 was just seeded to developers. This would be a good time for Pangu to TEST jailbreak exploits for when 8.3 is seeded to developers. That way all firmware below 8.3 can be jailbroken and we don't have an issue like we do right now where 8.1 and below are fine but 8.1.1 is not.
      EastBayBeast510 -
      Restored my phone last night because my 8.1 was OTA.. Missed the cutoff by a couple hours.. Now I'm here on 8.1.1 like "cool"👍.. Fail
      Simon -
      Quote Originally Posted by EastBayBeast510 View Post
      Restored my phone last night because my 8.1 was OTA.. Missed the cutoff by a couple hours.. Now I'm here on 8.1.1 like "cool"👍.. Fail
      They are still signing 8.1 as of right now. You haven't missed the window yet.
      EastBayBeast510 -
      Quote Originally Posted by Simon View Post
      They are still signing 8.1 as of right now. You haven't missed the window yet.
      I restored last night and it automatically uploaded 8.1.1.. Can I restore to 8.1 using dfu mode?
      SpiderManAPV -
      Quote Originally Posted by EastBayBeast510 View Post
      I restored last night and it automatically uploaded 8.1.1.. Can I restore to 8.1 using dfu mode?
      If they're still signing, yes.
      Simon -
      Quote Originally Posted by EastBayBeast510 View Post
      I restored last night and it automatically uploaded 8.1.1.. Can I restore to 8.1 using dfu mode?
      Yes, as long as Apple is still signing 8.1 you can manually download it and shift/option restore to it in iTunes. I would do it ASAP as Apple could stop signing it at any moment.
      EastBayBeast510 -
      Quote Originally Posted by Simon View Post
      Yes, as long as Apple is still signing 8.1 you can manually download it and shift/option restore to it in iTunes. I would do it ASAP as Apple could stop signing it at any moment.
      You're a savior!!
      SpiderManAPV -
      Quote Originally Posted by EastBayBeast510 View Post
      You're a savior!!
      Shh... Simon doesn't like it when people talk about that in public. Gotta wait for the Antichrist before we make it public like that.
      Simon -
      Quote Originally Posted by SpidermanAPV View Post
      Shh... Simon doesn't like it when people talk about that in public. Gotta wait for the Antichrist before we make it public like that.
      EastBayBeast510 -
      Quote Originally Posted by Simon View Post
      How will I know if the window is closed? Will it let me know when I restore?
      Simon -
      Quote Originally Posted by EastBayBeast510 View Post
      How will I know if the window is closed? Will it let me know when I restore?
      You can check this site for signing status: https://ipsw.me/8.1
      Detroitking02 -
      Another reason why I keep an Android. I owned every Note series phone and I have yet not be able to root it. Even without rooting Android are customize friendly.

      Another reason why I keep an Android. I owned every Note series phone and I have yet not be able to root it or have Google unroot it with a forced update. Even without rooting Android are customize friendly. Pretty soon apps will require 8.1.1 and above and jailbroken iphones will be forced to update.
      SpiderManAPV -
      Quote Originally Posted by Detroitking02 View Post
      Another reason why I keep an Android. I owned every Note series phone and I have yet not be able to root it. Even without rooting Android are customize friendly.

      Another reason why I keep an Android. I owned every Note series phone and I have yet not be able to root it or have Google unroot it with a forced update. Even without rooting Android are customize friendly. Pretty soon apps will require 8.1.1 and above and jailbroken iphones will be forced to update.
      Apps don't change requirements in minor update versions.
      Detroitking02 -
      Another reason why I keep an Android. I owned every Note series phone and I have yet not be able to root it or have Google unroot it with a forced update. Even without rooting Android are customize friendly. Pretty soon apps will require 8.1.1 and above and jailbroken iphones will be forced to update to a newer firmware.
      SpiderManAPV -
      Any particular reason you feel the need to post the same thing multiple times?