A few weeks back, the Pangu team reportedly demonstrated an iOS 8.4.1 jailbreak at the HackPwn2015 security conference.
The Pangu team has just published a post on its blog titled ‘iOS 8.4.1 Kernel Vulnerabilities in AppleHDQGasGaugeControl’, which, as the name suggests, provides details about kernel vulnerabilities in iOS 8.4.1.
windknown, a member of the Pangu Team, writes:
When auditing iOS kernel executable, we found that the code quality of com.apple.driver.AppleHDQGasGaugeControl is very bad. In this blog, we will disclose 3 vulnerabilities in this kernel extension on the latest public iOS (version 8.4.1). More importantly, one of these bugs is a perfect heap overflow vulnerability that allows us to defeat all kernel mitigations and gain code execution in the kernel, just by exploiting this single vulnerability.
He then goes on to provide more details about the three iOS 8.4.1 kernel vulnerabilities. He also notes that Apple has patched two out of the three vulnerabilities in iOS 9 beta 5. While he hasn’t explicitly mentioned it, this means that the jailbreak they demonstrated for iOS 8.4.1 won’t work with iOS 9.
Apple is widely expected to release iOS 9 GM (Golden Master) to developers immediately after tomorrow’s iPhone event, followed by the release to the public next week.
Now that the Pangu team has revealed the details of the iOS 8.4.1 kernel vulnerabilities, it remains to be seen whether they will release a jailbreak for iOS 8.4.1.
[via Pangu blog]