Apple has patched the exploits used by Pangu to jailbreak iOS 8.1

As always, Apple has patched the exploits used in the latest jailbreak released by the Pangu team out of China. Apple has credited the team with finding three of the seven exploits their tool used to attain root-level access; the tool was released only days after 8.1 dropped.

The exploits had to do with a dyld directory issue, a validation issue in the kernel and a sandbox bug, all of which can be combined with their other, not yet patched exploits to provide users with a jailbroken device.

It is speculated that Pangu won't release a jailbreak until 8.2, as there isn't enough motivation for them to burn any of the other exploits they have until it's worth it for them. The Apple Watch kit not shipping in iOS until 8.2 lends weight to these speculations.

From Apple's page:

iOS 8.1.1

  • dyld
    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
    Impact: A local user may be able to execute unsigned code
    Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed through improved validation of segment sizes.
    CVE-ID
    CVE-2014-4455 : @PanguTeam
  • Sandbox Profiles
    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
    Impact: A malicious application may be able to launch arbitrary binaries on a trusted device
    Description: A permissions issue existed with the debugging functionality for iOS that allowed the spawning of applications on trusted devices that were not being debugged. This was addressed by changes to debugserver's sandbox.
    CVE-ID
    CVE-2014-4457 : @PanguTeam
  • Kernel
    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
    Impact: A malicious application may be able to execute arbitrary code with system privileges
    Description: A validation issue existed in the handling of certain metadata fields of IOSharedDataQueue objects. This issue was addressed through relocation of the metadata.
    CVE-ID
    CVE-2014-4461 : @PanguTeam
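
The dyld entry above concerns Mach-O files with overlapping segments. The following is an added example, not Apple's fix or code from the original post: a checker that walks the LC_SEGMENT_64 load commands of a 64-bit Mach-O and flags segment pairs whose VM or file ranges intersect. Treating "overlapping" as intersecting VM or file ranges is an assumption, and the sample inputs are constructed.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF   # magic of a 64-bit little-endian Mach-O file
LC_SEGMENT_64 = 0x19       # load command that maps one 64-bit segment
HDR, SEG = "<8I", "<2I16s4Q4I"   # mach_header_64 (32 bytes), segment_command_64 (72 bytes)

def parse_segments(blob):
    """Return (name, vmaddr, vmsize, fileoff, filesize) per LC_SEGMENT_64."""
    if len(blob) < 32 or struct.unpack_from("<I", blob)[0] != MH_MAGIC_64:
        raise ValueError("not a 64-bit little-endian Mach-O")
    _, _, _, _, ncmds, sizeofcmds, _, _ = struct.unpack_from(HDR, blob)
    end = 32 + sizeofcmds
    if end > len(blob):
        raise ValueError("load commands run past end of file")
    segments, off = [], 32
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<2I", blob, off)
        # Every command must stay inside the declared load-command area.
        if cmdsize < (72 if cmd == LC_SEGMENT_64 else 8) or off + cmdsize > end:
            raise ValueError("load command size out of bounds")
        if cmd == LC_SEGMENT_64:
            _, _, name, va, vs, fo, fs, *_ = struct.unpack_from(SEG, blob, off)
            segments.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vs, fo, fs))
        off += cmdsize
    return segments

def find_overlaps(segments):
    """Report segment pairs whose non-empty VM or file ranges intersect."""
    found = []
    for i, a in enumerate(segments):
        for b in segments[i + 1:]:
            for kind, start, size in (("vm", 1, 2), ("file", 3, 4)):
                if a[size] and b[size] and a[start] < b[start] + b[size] \
                        and b[start] < a[start] + a[size]:
                    found.append((kind, a[0], b[0]))
    return found

def build_sample(segs):
    """Constructed test input: a Mach-O header followed only by segment commands."""
    cmds = b"".join(struct.pack(SEG, LC_SEGMENT_64, 72, n.encode(), va, vs, fo, fs, 7, 5, 0, 0)
                    for n, va, vs, fo, fs in segs)
    return struct.pack(HDR, MH_MAGIC_64, 0x0100000C, 0, 2, len(segs), len(cmds), 0, 0) + cmds

GOOD = build_sample([("__PAGEZERO", 0, 1 << 32, 0, 0), ("__TEXT", 1 << 32, 0x4000, 0, 0x4000),
                     ("__DATA", (1 << 32) + 0x4000, 0x4000, 0x4000, 0x4000)])
BAD = build_sample([("__TEXT", 1 << 32, 0x4000, 0, 0x4000),
                    ("__DATA", (1 << 32) + 0x3000, 0x4000, 0x4000, 0x1000)])
```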

Link to Apple support site.

iDownloadBlog Article.

Reddit post about it.