Apple blocks TaiG and PP Jailbreak with iOS 8.1.3

28 January 2015, by Andrea Cervone (@AndreaCervone)

With the release of iOS 8.1.3, Apple has officially blocked jailbreaking with TaiG and, as a consequence, the latest PP Jailbreak no longer works on the newest firmware either.

This is the note listing all the fixes made in iOS 8.1.3, in which the TaiG team is thanked for bringing to light multiple iOS 8 exploits.

AppleFileConduit
● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
● Impact: A maliciously crafted afc command may allow access to protected parts of the filesystem
● Description: A vulnerability existed in the symbolic linking mechanism of afc. This issue was addressed by adding additional path checks.
● CVE-2014-4480 : TaiG Jailbreak Team

dyld
● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
● Impact: A local user may be able to execute unsigned code
● Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed through improved validation of segment sizes.
● CVE-2014-4455 : TaiG Jailbreak Team

IOHIDFamily
● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
● Impact: A malicious application may be able to execute arbitrary code with system privileges
● Description: A buffer overflow existed in IOHIDFamily. This issue was addressed through improved size validation.
● CVE-2014-4487 : TaiG Jailbreak Team

Kernel
● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
● Impact: Maliciously crafted or compromised iOS applications may be able to determine addresses in the kernel
● Description: The mach_port_kobject kernel interface leaked kernel addresses and heap permutation value, which may aid in bypassing address space layout randomization protection. This was addressed by disabling the mach_port_kobject interface in production configurations.
● CVE-2014-4496 : TaiG Jailbreak Team

In addition, Apple also thanked PanguTeam and Stefan Esser (I0n1c) for bringing to light other bugs that affect Apple devices with the A5 processor.

Kernel
● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
● Impact: Maliciously crafted or compromised iOS applications may be able to determine addresses in the kernel
● Description: An information disclosure issue existed in the handling of APIs related to kernel extensions. Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection. This issue was addressed by unsliding the addresses before returning them.
● CVE-2014-4491 : @PanguTeam, Stefan Esser.
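
The dyld entry above describes its fix as improved validation of segment sizes for Mach-O files with overlapping segments. The following is an added example, not Apple's or dyld's code, of what a loader-side layout check of that kind can look like; the `struct seg` layout, the function names and the return codes are assumptions made for this sketch, and the sample segments are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for a Mach-O segment load command (hypothetical
   struct for this example, not the one from <mach-o/loader.h>). */
struct seg { const char *name; uint64_t vmaddr, vmsize, fileoff, filesize; };

/* True when [a, a+alen) and [b, b+blen) share at least one byte.
   Callers must have already ruled out wrap-around in both ranges. */
static int ranges_overlap(uint64_t a, uint64_t alen, uint64_t b, uint64_t blen) {
    if (alen == 0 || blen == 0) return 0;
    return a < b + blen && b < a + alen;
}

/* Returns 0 for a sane layout, or a negative code naming the first problem. */
int validate_segments(const struct seg *s, size_t n, uint64_t file_len) {
    for (size_t i = 0; i < n; i++) {
        if (s[i].vmaddr + s[i].vmsize < s[i].vmaddr) return -1; /* VM range wraps */
        if (s[i].fileoff > file_len || s[i].filesize > file_len - s[i].fileoff)
            return -2;                        /* file range runs past end of file */
        if (s[i].filesize > s[i].vmsize) return -3; /* more bytes than mapped room */
        for (size_t j = 0; j < i; j++) {      /* compare with already-checked ones */
            if (ranges_overlap(s[i].vmaddr, s[i].vmsize, s[j].vmaddr, s[j].vmsize))
                return -4;                    /* two segments claim the same memory */
            if (ranges_overlap(s[i].fileoff, s[i].filesize, s[j].fileoff, s[j].filesize))
                return -5;                    /* two segments claim the same file bytes */
        }
    }
    return 0;
}

/* Constructed sample layouts, not taken from any real binary. */
static const struct seg clean[] = {
    { "__TEXT", 0x4000, 0x4000, 0x0000, 0x4000 },
    { "__DATA", 0x8000, 0x4000, 0x4000, 0x1000 },
};
static const struct seg overlapping[] = {
    { "__TEXT", 0x4000, 0x4000, 0x0000, 0x4000 },
    { "__DATA", 0x6000, 0x4000, 0x4000, 0x1000 },
};

int main(void) {
    printf("clean: %d\n", validate_segments(clean, 2, 0x5000));
    printf("overlapping: %d\n", validate_segments(overlapping, 2, 0x5000));
    return 0;
}
```

The point of rejecting the file up front is that every later stage (mapping, code-signature checks, execution) then reasons about one unambiguous layout.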

At the moment, however, jailbreaking iOS 8.1.2 is still possible. So, if you want to, hurry to manually update to this version of the system software and jailbreak it, for as long as Apple still signs the second-to-last version of iOS.