iOS 8.4.1 software update for iPhone, iPad, and iPod Touch, which was released earlier today, not only fixes several bugs, and add improvements to Apple Music, it also brings along a bad news for the jailbreak community. Apple has patched the exploits used by the team TaiG in its TaiG jailbreak tool for iOS 8.4.
The rumors started last month that Apple had patched TaiG jailbreak in iOS 8.4.1 beta releases and now Apple has officially confirmed in iOS 8.4.1 security details that it has indeed closed the exploits used by team TaiG in its jailbreak. In the security release notes, Apple has listed several security patches and credited “TaiG Jailbreak Team” for discovering eight of those security flaws.
After these official iOS 8.4.1 security notes, it’s needless to say that jailbreakers should avoid upgrading to 8.4.1 software update. Here are the notes related to TaiG jailbreak team:
- AppleFileConduit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and laterImpact: A maliciously crafted afc command may allow access to protected parts of the filesystemDescription: An issue existed in the symbolic linking mechanism of afc. This issue was addressed by adding additional path checks.CVE-ID
CVE-2015-5746 : evad3rs, TaiG Jailbreak Team - Air Traffic
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and laterImpact: AirTraffic may have allowed access to protected parts of the filesystemDescription: A path traversal issue existed in asset handling. This was addressed with improved validation.CVE-ID
CVE-2015-5766 : TaiG Jailbreak Team - Backup
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and laterImpact: A malicious application may be able to create symlinks to protected regions of the diskDescription: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.CVE-ID
CVE-2015-5752 : TaiG Jailbreak Team - Code Signing
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and laterImpact: A malicious application may be able to execute unsigned codeDescription: An issue existed that allowed unsigned code to be appended to signed code in a specially crafted executable file. This issue was addressed through improved code signature validation.CVE-ID
CVE-2015-3806 : TaiG Jailbreak Team - Code Signing
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and laterImpact: A specially crafted executable file could allow unsigned, malicious code to executeDescription: An issue existed in the way multi-architecture executable files were evaluated that could have allowed unsigned code to be executed. This issue was addressed through improved validation of executable files.CVE-ID
CVE-2015-3803 : TaiG Jailbreak Team - Code Signing
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and laterImpact: A local user may be able to execute unsigned codeDescription: A validation issue existed in the handling of Mach-O files. This was addressed by adding additional checks.CVE-ID
CVE-2015-3802 : TaiG Jailbreak Team
CVE-2015-3805 : TaiG Jailbreak Team - IOHIDFamily
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and laterImpact: A local user may be able to execute arbitrary code with system privilegesDescription: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5774 : TaiG Jailbreak Team
Since iOS 8.4.1 patches TaiG jailbreak tool, it must also have patched PP jailbreak as the team TaiG had accused team PP of stealing its code and using it in PP jailbreak without prior permission. However, both jailbreak tools are still capable of jailbreak iOS 8.4 or older compatible firmware.
Now the waiting game starts for the jailbreak community and see if the team TaiG releases an iOS 8.4.1 jailbreak or hold off vulnerabilities they have for the iOS 9 mega release.