iOS 8.1.3 kills TaiG Jailbreak; most likely PP Jailbreak as well

Apple has posted a support page on the security content of the just-released iOS 8.1.3, confirming fears that the firmware effectively breaks the TaiG jailbreak tool. In the page, the company credits the TaiG Jailbreak Team for discovering four vulnerabilities patched in the update.

Apple has listed the four security patches in the security release notes of iOS 8.1.3, and has credited the “TaiG Jailbreak Team” for discovering them.

AppleFileConduit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted afc command may allow access to protected parts of the filesystem
Description: A vulnerability existed in the symbolic linking mechanism of afc. This issue was addressed by adding additional path checks.
CVE-ID
CVE-2014-4480 : TaiG Jailbreak Team
dyld
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed through improved validation of segment sizes.
CVE-ID
CVE-2014-4455 : TaiG Jailbreak Team
IOHIDFamily
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue was addressed through improved size validation.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be able to determine addresses in the kernel
Description: The mach_port_kobject kernel interface leaked kernel addresses and heap permutation value, which may aid in bypassing address space layout randomization protection. This was addressed by disabling the mach_port_kobject interface in production configurations.
CVE-ID
CVE-2014-4496 : TaiG Jailbreak Team

In addition, Apple has also patched a vulnerability that was discovered by hacker and security researcher Stefan Esser, was used previously in the Pangu jailbreak, and was used again in the TaiG jailbreak.

Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be able to determine addresses in the kernel
Description: An information disclosure issue existed in the handling of APIs related to kernel extensions. Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection. This issue was addressed by unsliding the addresses before returning them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser

The TaiG jailbreak for iOS 8.1.1 debuted on November 28 of last year, just a week after iOS 8.1.1 landed. There’s no word yet on when/if it will be updated, but as always, we recommend staying away from iOS 8.1.3 until a working jailbreak for the new firmware is announced. 
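
To illustrate the class of check the dyld entry (CVE-2014-4455) describes, here is an added example, not Apple's fix and not code from the original article: a validator that parses the `LC_SEGMENT_64` load commands of a 64-bit Mach-O and rejects images whose segments overlap in memory or in the file, or run past the end of the file. The function names and the `build_sample` input builder are assumptions made for this example.

```python
import struct

MH_MAGIC_64, LC_SEGMENT_64 = 0xFEEDFACF, 0x19
HDR = struct.Struct("<8I")           # mach_header_64
SEG = struct.Struct("<II16s4Q2i2I")  # segment_command_64, 72 bytes before sections

def segments(blob):
    """Parse LC_SEGMENT_64 commands: (name, vmaddr, vmsize, fileoff, filesize)."""
    if len(blob) < HDR.size or HDR.unpack_from(blob)[0] != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O")
    ncmds, sizeofcmds = HDR.unpack_from(blob)[4:6]
    off, end, out = HDR.size, HDR.size + sizeofcmds, []
    if end > len(blob):
        raise ValueError("load commands extend past end of file")
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<II", blob, off)
        if cmdsize < (SEG.size if cmd == LC_SEGMENT_64 else 8) or off + cmdsize > end:
            raise ValueError("load command size out of bounds")
        if cmd == LC_SEGMENT_64:
            f = SEG.unpack_from(blob, off)
            out.append((f[2].rstrip(b"\0").decode("ascii", "replace"), *f[3:7]))
        off += cmdsize
    return out

def overlaps(a_start, a_len, b_start, b_len):
    """True when two non-empty half-open ranges intersect."""
    return a_len > 0 and b_len > 0 and a_start < b_start + b_len and b_start < a_start + a_len

def segment_findings(blob):
    """Return reasons to reject the image; an empty list means every check passed."""
    segs, findings = segments(blob), []
    for name, _, _, fileoff, filesize in segs:
        if fileoff + filesize > len(blob):
            findings.append(f"{name}: file range past end of file")
    for i, (an, ava, avs, afo, afs) in enumerate(segs):
        for bn, bva, bvs, bfo, bfs in segs[i + 1:]:
            if overlaps(ava, avs, bva, bvs):
                findings.append(f"{an}/{bn}: VM ranges overlap")
            if overlaps(afo, afs, bfo, bfs):
                findings.append(f"{an}/{bn}: file ranges overlap")
    return findings

def build_sample(segs, total=0x3000):
    """Constructed input: header plus one segment command per (name, vmaddr, vmsize, fileoff, filesize)."""
    cmds = b"".join(SEG.pack(LC_SEGMENT_64, 72, n.encode(), *rest, 7, 5, 0, 0) for n, *rest in segs)
    hdr = HDR.pack(MH_MAGIC_64, 0x0100000C, 0, 2, len(segs), len(cmds), 0, 0)
    return (hdr + cmds).ljust(total, b"\0")
```

Python integers do not wrap, so the range arithmetic here is safe as written; a loader written in C must also reject `fileoff + filesize` and `vmaddr + vmsize` sums that overflow.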
