iOS 8.1.3 kills TaiG Jailbreak; most likely PP Jailbreak as well


  • 2015-02-13 13:20:28

Apple released iOS 8.1.3 earlier today with bug fixes, increased stability and performance improvements. It looks like iOS 8.1.3 also kills the TaiG jailbreak as Apple has fixed four vulnerabilities used by it to jailbreak iOS 8.1.2.

Apple has listed the four security patches in the security release notes of iOS 8.1.3, and has credited the “TaiG Jailbreak Team” for discovering them.

AppleFileConduit

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A maliciously crafted afc command may allow access to protected parts of the filesystem

Description: A vulnerability existed in the symbolic linking mechanism of afc. This issue was addressed by adding additional path checks.

CVE-ID

CVE-2014-4480 : TaiG Jailbreak Team

dyld

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A local user may be able to execute unsigned code

Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed through improved validation of segment sizes.

CVE-ID

CVE-2014-4455 : TaiG Jailbreak Team

IOHIDFamily

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A buffer overflow existed in IOHIDFamily. This issue was addressed through improved size validation.

CVE-ID

CVE-2014-4487 : TaiG Jailbreak Team

Kernel

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Maliciously crafted or compromised iOS applications may be able to determine addresses in the kernel

Description: The mach_port_kobject kernel interface leaked kernel addresses and heap permutation value, which may aid in bypassing address space layout randomization protection. This was addressed by disabling the mach_port_kobject interface in production configurations.

CVE-ID

CVE-2014-4496 : TaiG Jailbreak Team
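
The dyld entry above (CVE-2014-4455) describes Mach-O files with overlapping segments and a fix based on improved validation of segment sizes. As an added illustration (not Apple's code, not part of the original article, and not a reproduction of dyld's actual checks), this Python checker lists size and overlap inconsistencies among the segments of a thin little-endian Mach-O; the function names and both sample images are constructed for this example.

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
SEG_FMT = {0x1: "<16s4I", 0x19: "<16s4Q"}  # LC_SEGMENT, LC_SEGMENT_64

def parse_segments(data):
    """Return (name, vmaddr, vmsize, fileoff, filesize) per segment of a thin little-endian Mach-O."""
    magic = struct.unpack_from("<I", data)[0] if len(data) >= 28 else 0
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a thin little-endian Mach-O")
    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)
    off = 32 if magic == MH_MAGIC_64 else 28  # size of mach_header_64 / mach_header
    end = off + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past end of file")
    segs = []
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, off) if off + 8 <= end else (0, 0)
        fmt = SEG_FMT.get(cmd)
        if cmdsize < 8 or off + cmdsize > end or (fmt and cmdsize < 8 + struct.calcsize(fmt)):
            raise ValueError("malformed load command")
        if fmt:
            name, *nums = struct.unpack_from(fmt, data, off + 8)
            segs.append((name.split(b"\0")[0].decode("ascii", "replace"), *nums))
        off += cmdsize
    return segs

def overlaps(a, n, b, m):
    return n > 0 and m > 0 and a < b + m and b < a + n  # half-open ranges; empty never overlaps

def find_problems(data):
    segs, out = parse_segments(data), []
    for name, _, vmsize, fileoff, filesize in segs:
        if filesize > vmsize or fileoff + filesize > len(data):
            out.append(f"{name}: inconsistent segment size")
    for i, a in enumerate(segs):
        for b in segs[i + 1:]:
            if overlaps(a[1], a[2], b[1], b[2]):
                out.append(f"vm overlap: {a[0]} / {b[0]}")
            if overlaps(a[3], a[4], b[3], b[4]):
                out.append(f"file overlap: {a[0]} / {b[0]}")
    return out

def build_macho(segs):
    # Constructed sample input: arm64 header plus one LC_SEGMENT_64 per tuple.
    cmds = b"".join(struct.pack("<II16s4Q4I", 0x19, 72, n.encode(), *r, 7, 5, 0, 0) for n, *r in segs)
    hdr = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, len(segs), len(cmds), 0, 0)
    return (hdr + cmds).ljust(0x3000, b"\0")

GOOD = build_macho([("__TEXT", 0x100000000, 0x1000, 0, 0x1000), ("__DATA", 0x100001000, 0x1000, 0x1000, 0x1000)])
BAD = build_macho([("__TEXT", 0x100000000, 0x2000, 0, 0x1000), ("__DATA", 0x100001000, 0x1000, 0x1000, 0x1000)])
```

`find_problems(GOOD)` returns an empty list, while `find_problems(BAD)` reports the virtual-address overlap between `__TEXT` and `__DATA`.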

In addition, Apple has also patched a vulnerability that was discovered by hacker and security researcher Stefan Esser. It was used previously in the Pangu jailbreak and was also used in the TaiG jailbreak.

Kernel

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Maliciously crafted or compromised iOS applications may be able to determine addresses in the kernel

Description: An information disclosure issue existed in the handling of APIs related to kernel extensions. Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection. This issue was addressed by unsliding the addresses before returning them.

CVE-ID

CVE-2014-4491 : @PanguTeam, Stefan Esser

We’re assuming that this also kills the PP Jailbreak, which was recently released for Mac to jailbreak iOS 8 – iOS 8.1.2. This means that the TaiG and PP jailbreaks cannot currently be used to jailbreak iOS 8.1.3. You can still use them to jailbreak your device on iOS 8.1.2 or lower.

We’ll have to wait and see how much time it will take the TaiG or the Pangu Team to jailbreak iOS 8.1.3 now that most of the vulnerabilities used in the TaiG jailbreak have been fixed. They had previously said that they were confident of releasing a jailbreak for subsequent public iOS releases.

It goes without saying that jailbreakers should avoid upgrading to iOS 8.1.3 and be extremely careful while installing jailbreak tweaks.

[via Apple]




