Apple Credits PanguTeam With Discovering Three Security Vulnerabilities in iOS 8
LIKE
TWEET
SHARE
PIN
SHARE
POST
MAIL
MORE
Posted November 18, 2014 at 4:19am by iClarified
Apple has credited the PanguTeam with discovering three security vulnerabilities in iOS 8.
Earlier today, Apple posted a support document detailing the security content of iOS 8.1.1. In that document, PanguTeam is credited for finding a Dyld, Kernel, and Sandbox Profile vulnerability.
Dyld ● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later ● Impact: A local user may be able to execute unsigned code ● Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed through improved validation of segment sizes. ● CVE-ID: CVE-2014-4455 : @PanguTeam
Kernel ● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later ● Impact: A malicious application may be able to execute arbitrary code with system privileges ● Description: A validation issue existed in the handling of certain metadata fields of IOSharedDataQueue objects. This issue was addressed through relocation of the metadata. ● CVE-ID: CVE-2014-4461 : @PanguTeam
Sandbox Profiles ● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later ● Impact: A malicious application may be able to launch arbitrary binaries on a trusted device ● Description: A permissions issue existed with the debugging functionality for iOS that allowed the spawning of applications on trusted devices that were not being debugged. This was addressed by changes to debugserver's sandbox. ● CVE-ID: CVE-2014-4457 : @PanguTeam
At this time it's unclear if the PanguTeam have any more exploits up their sleeve but you should follow iClarified on Twitter, Facebook, or RSS for updates.
Latest news on apple products. How to tutorials , how to videos, how to jailbreak, how to install tweaks, how to get cracked apps and much more, please visit www.iphoneclinic.net
so Apple spends millions on engineers and the hackers are the one that are really working, I would fire everybody period. and pangu get no money whatsoever.
Nonsense. The majority of 'new' iOS features originated long before the iPhone ever existed. They were simply copied from older devices, such as Palm Pilots. they may have first appeared on iPhones that were jailbroken, as the jailbreak community was willing to be the guinea pigs testing the ideas on iOS. they were hardly original ideas.
The way i see it jailbreaking makes the software stronger against viruses etc. jailbreak finds problems. Apple fixes them. sprobably saves them time and money tryin to find them.
@iswingbothways. I agree that Apple should allow jb but it wouldnt help them make more $. Pirating is linked to jb'ing. What Apple should do is take certain cydia tweaks like swipeselection pro and incorporate that into ios also allow Safari downloads of all filetypes. Increase User experience will diminish the need for jailbreak. I jealbreak for tweaks not free apps
Considering the speed with which Pangu was released for iOS 8.0-8-1, one might presume they've another set of exploits ready to go. But alas, in this game of cat and mouse, who knows. At least we can still unlock the iPhones with relative ease these days. ;-)
They wouldn't really loose money they make a good majority of their miney on hardware sales and not much on software. And piracy is a problem on every platform like android, windows, OS X , ect... you can even install cracked apps on a non-jailbroken device so if that's all your going do why not do it the easier way without jailbreaking. If they were smart they would leave the choice of jailbreaking/unlocking to the users and advertise the shit out of it instead of adding all these features thats some people may not want. let the user create their own environment like android users have been doing for years now. Just because it's closed sourced doesn't mean it can't be customizable.
If they don't block it, then they Can be sued/owe royalties by anyone it affects.. Ex Nintendo (gba,nes,n64) and their secure operating system that they are known for would not be soo secure... Eventually.
@Jorgee what are you thing about paying royalties? Android has all the same emus so does windows they don't and can't get sued because it's not there code the emulates.
Jailbreaking is both good and bad. It expands the potential of the software, but opens pandora's box to piracy. Piracy is bad and a thorn in everyone's butt. However all of Apple's music and app sales only account for less than 1% of their revenue, so to say it kills them is nonsense. Regardless, the jailbreak community does not condone piracy as it affects the income of both Apple app and jailbreak tweak developers.