Pangu iOS 8 icon

Pangu team member, windknown, has posted a report on the official Pangu blog outlining several vulnerabilities in iOS 8.4.1, the latest public iOS firmware for iPhones and iPads.

The writeup, entitled iOS 8.4.1 Kernel Vulnerabilities in AppleHDQGasGaugeControl, highlights three different bugs found in iOS 8.4.1: a stack overflow bug, an out-of-bound memory access bug, and a heap overflow bug.

Here is what windknown had to say about the found vulnerabilities:

When auditing iOS kernel executable, we found that the code quality of is very bad. In this blog, we will disclose 3 vulnerabilities in this kernel extension on the latest public iOS (version 8.4.1). More importantly, one of these bugs is a perfect heap overflow vulnerability that allows us to defeat all kernel mitigations and gain code execution in the kernel, just by exploiting this single vulnerability.

Fortunately, it looks as if Apple is already well aware of some of the bugs, as two of them are fixed in the latest iOS 9 beta.

It’s a enlightening report that’s fairly easy to follow even if you’re not a hacker or programmer. Windknown does a good job of explaining the particulars of each of the three vulnerabilities.

Although the days of iOS 8 are numbered, this type of research tells me that hackers are still very much engaged in the various security research needed to accomplish a future jailbreak down the line.

It’ll be interesting to see how things go once iOS 9 is released to the public.

Source: Pangu blog

  • pauleebe

    Would be nice if we could have an 8.4.1 jailbreak then in the meantime. Apple wouldn’t bother with an 8.4.2 patch, which means latest version of iOS 8 would be jailbreakable for a while.

    • Joostiphone

      Why? iOS 9 will be available probably tomorrow…and if not within a few weeks. I would rather see that Pangu or another team put effort in the iOS 9 jailbreak.

      • pauleebe

        GM will be available tomorrow, but it won’t be available to the public just yet. Most of us won’t forsake a jailbreak until there is one for iOS 9, meaning it would be nice to be on the latest version of iOS 8, because who knows when there will be one for iOS 9.

      • Joostiphone

        Well yeah, but that’s the whole issue with jailbreaking. You should have stayed on iOS 8.4 instead of upgrading, no matter what the reason is you upgraded. I would rather that they put there efforts on a iOS 9 jailbreak and work from there, instead of creating a JB that is very soon obsolete.

      • The bugs are patched in iOS 9 according to the article so it’s a case of why not? If the bugs can be exploited it’d be nice if somebody who has the talent to make one would do so.

      • Joostiphone

        Why not? Because it isn’t easy to just create a working jailbreak application (bug free at least). They have the vulnerabilities but that means that still alot of coding needs to be done for the application itself and after that, maintain the JB. I would rather see them working on the iOS 9 jailbreak instead of putting efforts into an almost obsolete iOS version.

      • The jailbreak does not necessarily need to come from Pangu. By disclosing the bugs somebody else that’s talented enough could make use of them…

      • Joostiphone

        Okay, I agree. But still I miss the point on why you wouldnt jailbreak iOS 9 by the time someone has finally coded a iOS 8.4.1 jb. Im sure a known team (TaiG/Pangu) will come up with a iOS 9 jb soon after its release.

      • Unless they’re hiding something it’ll likely take a while to find and exploit a bug(s) in iOS 9. I think an iOS 8.4.1 jailbreak would be useful for at least a couple of months plus it’ll be useful to anyone that has accidentally updated or needs to restore their device because of issues.

      • DeAndre Enrico

        I feel that the reverse is true. I’d rather run the most stable release of the previous version of iOS than the most buggy release of the newest version of iOS.

  • These Chinese fellas are really good. For some reason they seem to be urging apple to patch up iOS 9 really well before release. Why is that? Since when did the Pangu fellows become the guardians of code execution vulnerability?

    • Tyler Smith

      i guess they want more of a challenge… /s

      • That’s exactly what I got out of it. Apple has said its rootless and hackers are up for the challenge. It’ll be a great accomplishment to hack the great rootless iOS 9.

    • Shinonuke

      If the vulnerability affects securities such as backdoor and the likes, then anyone should report it. To add to folks who doesn’t fully understand what’s going on, they are reporting what Apple is already aware.

    • pauleebe

      The article says that Apple patched it in the latest version of iOS 9, meaning that they caught it without TAIG’s help (or, so we speculate). This is why TAIG released the report detailing the exploit, because Apple won’t release an 8.4.2 to close the exploit, thus they lose nothing by explaining it to the public before iOS 9 is released.

      We could still have an 8.4.1 jailbreak.

      • NolesFan

        Agreed, but it needs to come quick. iOS9 will be out within the next few weeks and 8.4.1 will no longer be signed. So, the window of opportunity will be short.

      • Mr_Coldharbour

        Agreed, an iOS 8.4.1 jailbreak could very well exist, just not to the public.

  • 919263

    Kind of stupid to let Apple know the weaknesses in their OS when you are a Jailbreak development/discovery person. Shooting himself in the foot.

    • Matheus Lisboa

      Actually, as the articles says, it was already patched on the newest ios 9 beta. They’re are just letting the public know of a major flaw, apple is already aware.

  • pnh

    Would rather hear that they are spending all of their time on iOS 9.

  • rockdude094

    These vulnerabilities are actually pretty scary. I used to download a bunch of software from random places when I was younger not careing about anything since I had nothing to lose lol