Apple has posted a support page on the security content of the just-released iOS 8.1.1, reaffirming previous reports that the firmware breaks the Pangu jailbreak tool. In the page, the company credits the Pangu team for discovering three vulnerabilities patched in 8.1.1.

Among those vulnerabilities was a state management issue in dyld, which has to do with app launches. There was also a validation issue in the handling of metadata fields in the kernel, and a sandbox profile bug that allowed apps to launch arbitrary binaries.

Here are the full entries from the support page:

dyld

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A local user may be able to execute unsigned code

Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed through improved validation of segment sizes.

CVE-ID

CVE-2014-4455 : @PanguTeam

Kernel

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A validation issue existed in the handling of certain metadata fields of IOSharedDataQueue objects. This issue was addressed through relocation of the metadata.

CVE-ID

CVE-2014-4461 : @PanguTeam

Sandbox Profiles

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A malicious application may be able to launch arbitrary binaries on a trusted device

Description: A permissions issue existed with the debugging functionality for iOS that allowed the spawning of applications on trusted devices that were not being debugged. This was addressed by changes to debugserver’s sandbox.

CVE-ID

CVE-2014-4457 : @PanguTeam
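The dyld entry above names Mach-O segment overlap as the root cause. As an added example (not Apple's code and not from the support page), this static check reads the segment load commands of a thin little-endian Mach-O and reports overlapping VM or file ranges; it goes slightly beyond the entry by also flagging a filesize larger than vmsize and file ranges past the end of the file. The function names and the sample image built by `build_sample` are constructed for illustration.

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF  # thin, little-endian images only
LC_SEGMENT, LC_SEGMENT_64 = 0x1, 0x19

def parse_segments(data):
    """Return [(name, vmaddr, vmsize, fileoff, filesize)] read from the load commands."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a thin little-endian Mach-O")
    is64 = magic == MH_MAGIC_64
    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)
    off = 32 if is64 else 28  # sizeof(mach_header_64) / sizeof(mach_header)
    end = off + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past end of file")
    want, fmt = (LC_SEGMENT_64, "<16s4Q") if is64 else (LC_SEGMENT, "<16s4I")
    seg_min = 8 + struct.calcsize(fmt)  # cmd + cmdsize + the fields read below
    segs = []
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < (seg_min if cmd == want else 8) or off + cmdsize > end:
            raise ValueError("bad cmdsize")
        if cmd == want:
            name, *nums = struct.unpack_from(fmt, data, off + 8)
            segs.append((name.rstrip(b"\0").decode("ascii", "replace"), *nums))
        off += cmdsize
    return segs

def overlaps(ranges):
    """ranges: [(name, start, size)]; name pairs whose non-empty ranges intersect."""
    live = sorted((r for r in ranges if r[2]), key=lambda r: r[1])
    return [(a[0], b[0]) for i, a in enumerate(live) for b in live[i + 1:] if b[1] < a[1] + a[2]]

def check_segments(data):
    """Return findings as strings; an empty list means the layout is consistent."""
    segs = parse_segments(data)
    out = [f"{n}: file range past end of file" for n, _, _, fo, fs in segs if fo + fs > len(data)]
    out += [f"{n}: filesize exceeds vmsize" for n, _, vs, _, fs in segs if fs > vs]
    out += [f"{a}/{b}: VM ranges overlap" for a, b in overlaps([(n, va, vs) for n, va, vs, _, _ in segs])]
    out += [f"{a}/{b}: file ranges overlap" for a, b in overlaps([(n, fo, fs) for n, _, _, fo, fs in segs])]
    return out

def build_sample(segs, total=0):
    """Constructed input: a 64-bit header followed only by LC_SEGMENT_64 commands."""
    cmds = b"".join(struct.pack("<II16s4Q4I", LC_SEGMENT_64, 72, n.encode(), *r, 7, 5, 0, 0) for n, *r in segs)
    hdr = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, len(segs), len(cmds), 0, 0)
    return (hdr + cmds).ljust(total, b"\0")
```

Zero-length ranges such as a `__PAGEZERO` file range are ignored by the overlap test, so a conventional layout produces no findings.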

Apple has in the past credited the evad3rs, and other hackers responsible for jailbreaks, for finding vulnerabilities in its mobile operating system that it patches. It’s essentially the only time the company openly admits it’s aware of the jailbreak, and the people behind it.

The Pangu jailbreak for iOS 8 debuted on October 22, just a few days after iOS 8.1. The initial release was very rough around the edges, but the tool received several updates during the following weeks. The jailbreak’s reign officially ended on November 17, with iOS 8.1.1.

[Apple]

  • Chris

    Until 8.2…

    • Chocolope Jailbreakush

      8.2 should be out March/April

      • Chris

        With Apple Watch coming up in January I’m expecting 8.2 to be out then.

      • Heitor Castro 

        Apple Watch is certainly not coming in January.

      • Chris

        They haven’t changed the page so if not January, March at the latest.

        If you’ve read something different by all means post it as I haven’t read anything apart from what Apple announced.

      • Heitor Castro 

        Apple Watch Launching in ‘Spring’ – Mac Rumors

        says Angela Ahrendts – Retail SVP

      • Chris

        Unconfirmed memo.

      • Chinch07

        They said spring 2015

      • Chocolope Jailbreakush

        Yeah I’m not sure anymore?

      • Buzz { Light:Year; }

        Spring. I never knew January was spring Chris your stupid.

      • charles

        I believe you mean you’re not your lol

      • The irony of you calling someone stupid. When YOU’RE stupid too.

  • Waleed

    I know it’s harder for the Pangu team to jailbreak this iOS 8.1.1 .. but I believe it’s not impossible for them! Just wait and watch, they will release a new tool for it anytime in future (far maybe)

    • Tyler Smith

      They shouldn’t put a tool for 8.1.1 until they jailbreak 8.2 using the same exploit….

      • 47AJ98

        I don’t think that that’s how Pangu operates. If they just keep searching for more bugs, then they think they can keep up with the release. I’m thankful that they helped me jailbreak iOS 7.1.1 and here we are in iOS 8 with another jailbreak. They’re a bit too aggressive and Evad3rs are too conservative. They’d probably release it if they get it working…

    • Cesar D

      Probably they had discovered the exploit from iOS 7.xx and when Apple updated and they noticed that Apple didn’t patch it, they took advantage of that to get the jailbreak as soon as possible

  • Josh

    I’m still on 7.1.2 with my ipad air.
    Wait for 8.2… Jailbreak

    • Jasper Jun

      Same here. Still rocking iOS 7.1.2 with my Air 🙂

    • Why didn’t you upgrade to iOS 8.1?

      • Josh

        No point for upgrading to iOS 8.1
        all tweaks are for 7.1.xx

      • James Bogdanski

        yes there is, THIRD PARTY KEYBOARDS lol

      • Josh

        I don’t use third party keyboard.

      • James Bogdanski

        I know but you said there’s no reason, that in itself could be a reason for some people, that’s all I’m saying

      • James Bogdanski

        also IMO the new layout for the App Store is pretty neat in the Explore category

      • Josh

        Agreed. But Safari layout is bad. Looks like iPhone style.

      • yermum

        Safari is much faster on 8 vs 7.

      • Titoune

        Then use another one if it truly bothers you on 7. There are plenty

      • yermum

        What?

      • yermum

        Go home, you’re drunk.

      • Spencer

        Of course not, cuz you don’t have iOS 8! 😛

      • jake kneller

        In another month or so all the tweaks will be updated. So many already are ! Everyday in changes I see many tweaks updated with 8.1 and iPhone 6 and 6 plus support

      • mjoecups

        There a LOT of cool features.

      • I mainly upgraded because of Continuity

      • Spencer

        That’s a dumb reason. You should have updated to 8.1 before 8.1.1 came out, cuz now you’re stuck on 7.1 if you want to keep your jailbreak.

        Meanwhile, there are hundreds of Tweaks already compatible with iOS 8, and more of them are being updated all the time. I couldn’t imagine forgoing iOS 8’s new features forever just to avoid a short time without a few of my tweaks…

      • WaterTrooper

        Umm…you are really missing out. There are around 400 tweaks that are iOS 8 compatible.

      • AlmightySatan

        Many complaints from iPad users regarding WiFi constantly dropping after upgrading to 8.1. So I’m still on 7.0.4. I did update my iPhone 6 though.

      • Varun Soi

        I am still on 7.0.4 jailbreak on iphone 5s!

      • mjoecups

        I have 8.1 jailbroken and no complaints so far on a 5s…

      • Varun Soi

        And what about tweaks i mean are they compatible with ios8? And if there is any battery issues?

      • Bruno Cesar

        Well, plenty of the tweaks are now updated for iOS 8.1, and I didn’t have any battery problems on my 5S or my 6.

      • mjoecups

        The jailbroken software I use works fine. I don’t know which “tweaks” you are referring to.

      • Spencer

        Same here, except on iPhone 6. 🙂

        iOS 8.1 jailbreak is where it’s at! Now let’s hope some future iOS like 8.2 can be broken as well. 😛

      • Poporopo

        @tomgarca:disqus, I know you didn’t ask me but personally I didn’t want to ditch Auki for the new reply…whatever the name is…on iOS 8. Also I use a few tweaks and apps that I have been waiting to be updated and who knows when that is going to happen. I already said this many times but 7.1.2 on my 5S + Jailbreak is the best thing I ever had. Stable and something smart I learned after losing my jailbreak for iOS 6 “don’t be a fool and don’t install tons of things you don’t need”.

        I have what i need and what i like. I guess updating to IOS8.1 was the option for those who lost their jailbreak previously…i say.

        Personal Opinion, of course.

        🙂

      • regkilla

        Happy on iOS 7.0.4 on my iPhone 5s.

    • Poporopo

      …LOL…@disqus_pemEonLjiU:disqus for a while i was frustrated since i thought i was the only one seeing 7.1.2 as a better option. After reading this and all the replies, i feel way better.

      All my devices on 7.1.2 and Jailbroken, that is awesome.

      • Spencer

        Meanwhile I’m sitting here on iOS 8.1 with both Apple Pay and the Jailbreak. Would I go back to 7.1.2 and lose a ton of native features? Never.

        There’s already hundreds of Tweaks compatible, and more are being updated all the time. All I can say is I’m glad I upgraded before 8.1.1 came out so I didn’t get stuck without 8.1 forever lol

      • Poporopo00

        Like what?
        @spencer

      • Poster

        Like…WatchSpring? The thing that turns your UI into the Apple Watch UI?

      • Poporopo00

        Oh WOW!!

        LOL

  • Frankf

    Imma update my iphone 4s jailbreak ios 7.1 to 7.1.1 to see the improvements!

    • Josh

      I think iOS 7.1.2 is good.

    • Andrew

      I think you mean 8.1 to 8.1.1.

  • @dongiuj

    Hey are they thanking a group of swiss penguins?

  • Abdullah Safdar

    Can anyone tell me how to get facepane?

    • @dongiuj

      Aspirin

      • Abdullah Safdar

        Hello. Thanks for replying. But can you tell me what “aspirin” is? Please give details…
        THANKING IN ANTICIPATION!!

      • @dongiuj

        Sorry, forget it. I misread your comment lol

      • Abdullah Safdar

        -_- LAMEO

  • bega

    Apple must send Panguteam some cash for this ! 🙂

  • GuyBey0ndC00L

    Apple crediting jailbreak teams, Pangu in particular, is always funny and weird to hear.

  • Rondog

    I’m not updating to 8.1.1 as my iphone and my ipad air are working great on 8.1 and jailbroken so no way i’m going on 8.1.1 and losing my jailbreak.

  • s0me

    No great jailbreak tweaks or ios 8 updates anyway (until now). Updating to 8.1.1!

  • Antzboogie

    At least they are giving credit where it’s due. How about all the other features and ideas they borrowed lol.

  • Albert Edmond

    My iphone 6 8.1 is stuck on Apple logo is there anything I can do outside of restore? Don’t want to lose jailbreak now!

    • Tyler Smith

      I believe they are still signing 8.1 so restore using it. If I’m wrong please don’t attack me…

      • pegger1

        You’re correct, 8.1 is still being signed.
        You can check which firmwares are still being signed at this site:
        https://ipsw.me
        Just select your device from the dropdown.

    • B.A

      Indeed 8.1 is still being signed. I just did it now after the same thing happened to my 4S. p.s don’t install bootup tweak. That’s what caused mine to lock up.

  • GzyOnline

    Do the jailbreak teams submit their findings to Apple or does Apple break down the jailbreak programs themselves? Isn’t this detrimental to jailbreak’s future/process as a whole? 🙁

    • Tyler Smith

      They reverse engineer the tool to see where it is exploiting. They then patch the bug. There will always be bugs it’s part of software. As of right now I can’t think of a software that doesn’t have exploits.

  • Varun Soi

    I am still using Ios7.0.4 jailbreak..should i update to ios8 and jailbreak on my iphone 5s? I am afraid about my all tweaks are compatible with ios8 yet or not!

  • Poporopo

    I hope, if they do, Pangu or whoever release a jailbreak tool just a couple months before the new IOS so we have the most stable IOS8.X.X and stay there for a while.

  • M_thoroughbred

    I used to jailbreak all the time, now I’m a little hesitant in doing so. A jailbreak consists of a vulnerability in the OS and now with Apple Pay and credit cards and passwords saved on the phone it makes me paranoid lol. I know that all that stuff is locked away in the phone itself but I’d rather be safe than sorry.

  • Rowan09

    Tim Cook has a jail broken iPhone for ideas.

  • Ottawa Gamerz

    poor apple locked again come to android do what u want when u want 🙂

  • Cesar D

    If Apple really wants to stop Jailbreak why in the world would they credit a Jailbreak team? That is just nonsense considering that the team would feel excited about it and make more jailbreaks for future updates (although that could make iOS a lot more secure)

  • Allen

    Why does it say their reign ended yesterday? I’m jailbreaking rn.

  • dookiechp

    I have a stupid question and please bear with me as I do not know the answer. With the Pangu JB software, it gives you the option of restoring from an IPSW. So with that said, if I have an IPSW for 7.1.2 can I downgrade through the Pangu app instead of through iTunes? Perhaps this has been asked but I am super new to this site as well. Thanks in advance… JB for 8.1 is not the greatest yet…

  • Shining Jade

    Glad I did the jailbreak .. knew this was coming the only good thing is that those who were smart and updated now have best of both worlds iOS 8 features and updated new features to the tweaks they love .. I am on a iPad Mini ios 8.1 with no issues of WiFi dropping, no issues with battery and no more issues with re-springs at random i’m happy where I am ..

    Thank god apple is not as strict and lock and key as Nintendo ..
    home-brew channel gets announced yesterday or maybe it was day before yesterday and then they tell the game.. Boom a day later Nintendo starts pulling it from eshops lol sad…

    Apple in a way wants people to try and jailbreak so they can find the flaws and bugs for one, for two they like to keep an eye on things, like popular tweaks that jailbreakers are using, so they can add in an enhanced or similar version of that tweak in new OS versions making it theirs ..

    (Example: iOS 7 already had a quick reply feature for messages before iOS 8 implemented it… so you see?)

    Their next OS update.. iOS 9, maybe it will look like Apple Watch cause of the tweaks WatchSpring and Aeternum becoming so popular ..

  • If pangu had kept their jailbreak under wraps until it was fully working, Apple might have been pressured to release 8.1.1 for the sake of fixing bugs before they could examine the jailbreak for exploits. Having 5-10 days of “Here’s how we did it but it’s not really ready for you to use yet” was counterproductive. If Saurik was the only one to have seen it until everything was ready, he could have confirmed that it was legit and they could still have their bragging rights.

  • Deejay

    I said it before I’ll say it again, if they stop making jailbreaks for the iPhone I’m going to Android. I wish that had some sort of effect on Apple’s decision to keep patching. That’s why it’s important that people pay/donate for tweaks. If developers aren’t getting paid there won’t be a need to jailbreak. Support the developers to keep jailbreak alive.

  • DMSPOKEMONFAN

    Man, jailbreaks are getting patched sooner and sooner each time. In some years the vulnerabilities will be fixed the next day after a jailbreak release.

  • Electrolyzed

    TaiG with 8.1.1. It’s a non-stop battle!