iOS 8.1.1 blocheaza Pangu jailbreak si v-am spus acest lucru in repetate randuri in ultimele saptamani de zile, iar acum aflam ca 3 din cele 7 exploit-uri folosite de catre solutie au fost blocate de catre cmpania Apple prin aceasta actualizare. In documentul de securitate al iOS 8.1.1 publicat de catre compania Apple dupa lansarea acesteia ctualizari pentru sistemul de operare, cei din Cupertin listeaza cele trei vulnerabilitati de mai jos pe care le crediteaza hackerilor chinezi. Fiecare dintre ele a jucat un rol important in dezvoltarea solutiei de jailbreak si dupa cum puteti vedea, ele sunt disponibile in toate iDevice-urile Apple.
Cei din Cupertino au obiceiul de a credita hackerii dezvoltatori de solutii de jailbreak atunci cand acopera diverse vulnerabilitati ale sistemului de operare, acelasi lucru intamplandu-se in cazul iPhone Dev Team sau Evad3rs, dar acest lucru nu este imbucurator pentru noi. Din pacate blocarea acestei solutii de jailbreak nu va aduce una noua in viitorul apropiat, dar cu siguranta vom vedea alta noua lansata in cursul anului viitor, indiferent cand va veni ea.
Dyld
● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
● Impact: A local user may be able to execute unsigned code
● Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed through improved validation of segment sizes.
● CVE-ID: CVE-2014-4455 : @PanguTeamKernel
● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
● Impact: A malicious application may be able to execute arbitrary code with system privileges
● Description: A validation issue existed in the handling of certain metadata fields of IOSharedDataQueue objects. This issue was addressed through relocation of the metadata.
● CVE-ID: CVE-2014-4461 : @PanguTeamSandbox Profiles
● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
● Impact: A malicious application may be able to launch arbitrary binaries on a trusted device
● Description: A permissions issue existed with the debugging functionality for iOS that allowed the spawning of applications on trusted devices that were not being debugged. This was addressed by changes to debugserver’s sandbox.
● CVE-ID: CVE-2014-4457 : @PanguTeam
