
Pangu Details Kernel Vulnerabilities in iOS 8.4.1

Posted September 8, 2015 at 2:57pm by iClarified
Pangu has posted details on kernel vulnerabilities it discovered in iOS 8.4.1's AppleHDQGasGaugeControl kernel extension, which were likely the bugs used to demonstrate a jailbreak of that firmware.

When auditing the iOS kernel executable, we found that the code quality of com.apple.driver.AppleHDQGasGaugeControl is very bad. In this blog, we will disclose 3 vulnerabilities in this kernel extension on the latest public iOS (version 8.4.1). More importantly, one of these bugs is a perfect heap overflow vulnerability that allows us to defeat all kernel mitigations and gain code execution in the kernel, just by exploiting this single vulnerability.

Unfortunately, the team has also confirmed that the vulnerabilities cannot be triggered from inside the container sandbox, and that the second and third bugs are already fixed in iOS 9 beta 5.


Read More [via iH8sn0w]