iOS 8.1.1 Patches Kernel, Dyld and Sandbox Profiles Security Flaws Used by Pangu Jailbreak
Apple has pushed out the latest iteration to iOS 8, iOS 8.1.1 with build number 12B435 for iPhone, iPad and iPod touch.
Along with the bug fixes and performance improvements, the iOS 8.1.1 integrates a number of security fixes including the exploits used by Pangu jailbreak, an untethered jailbreak version for devices running iOS 8-iOS 8.1.
While the Chinese jailbreak developer has already confirmed that the iOS 8.1.1 beta patches the exploits used in the jailbreak, Apple has now made this public via the posting at Apple Support page.
The company has listed a few security patches in iOS 8.1.1 (in the document on security content) , out of which three exploits are by Pangu jailbreak namely, dyld, kernel and sandbox profiles. Another flaw in the update is a privacy loophole, which could allow an unauthorised user view and send photos from lock screen.
Following are the details about the security flaws fixed by Apple in iOS 8.1.1.
dyld
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed through improved validation of segment sizes.
CVE-ID
CVE-2014-4455 : @PanguTeam
Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A validation issue existed in the handling of certain metadata fields of IOSharedDataQueue objects. This issue was addressed through relocation of the metadata.
CVE-ID
CVE-2014-4461 : @PanguTeam
Sandbox Profiles
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to launch arbitrary binaries on a trusted device
Description: A permissions issue existed with the debugging functionality for iOS that allowed the spawning of applications on trusted devices that were not being debugged. This was addressed by changes to debugserver's sandbox.
CVE-ID
CVE-2014-4457 : @PanguTeam
[Source: iPhoneHacks]
© Copyright IBTimes 2024. All rights reserved.
