A couple of weeks ago we wrote about iOS 8.4.1 jailbreak demo by the Pangu Team, which they demonstrated during HackPwn2015 security conference. Now the Pangu jailbreak team has posted an article on their blog that talks about the kernel-level vulnerabilities in iOS 8.4.1 software update.
The blog post title reads: “iOS 8.4.1 Kernel Vulnerabilities in AppleHDQGasGaugeControl” and as the name suggests, the Pangu team has talked about three kernel-level vulnerabilities, the team discovered in the iOS 8.4.1, in details.
In the blog post, a member of the Pangu jailbreak that who goes by the name ‘windknown’ writes:
When auditing iOS kernel executable, we found that the code quality of com.apple.driver.AppleHDQGasGaugeControl is very bad. In this blog, we will disclose 3 vulnerabilities in this kernel extension on the latest public iOS (version 8.4.1). More importantly, one of these bugs is a perfect heap overflow vulnerability that allows us to defeat all kernel mitigations and gain code execution in the kernel, just by exploiting this single vulnerability.
Out of those three iOS 8.4.1 kernel-level vulnerabilities, Apple has already fixed two vulnerabilities in iOS 9 beta 5, reveals the blog post. Which means that the iOS 8.4.1 jailbreak that the team demonstrated earlier won’t be able to jailbreak iOS 9.
Now that the team has revealed the bugs that they have to jailbreak the current latest version i.e. iOS 8.4.1, and that those vulnerabilities are no good for iOS 9, it remains to be seen if the team will now release an iOS 8.4.1 jailbreak or not. Vulnerabilities used by in the TaiG jailbreak and PP jailbreak has already been patched by the iOS 8.4.1 so those tools are also unable to jailbreak it.
Apple is is expected to launch the Golden Master release of iOS 9, to the register iOS dev center developers, soon after the iPhone 6s event on September 9, followed by the final version release to the public next week.
We’ll keep you posted as we learn more about iOS 8.4.1 jailbreak or even the iOS 9 jailbreak. So stay tuned and make sure follow us on Facebook, Twitter, and Google+.