Apple con iOS 8.4.1 blocca il jailbreak di TaiG

Brutte notizie per i jailbreakers, Apple con il nuovo sistema operativo iOS 8.4.1, rilasciato pochi minuti fa, ha bloccato la possibilità di effettuare il jailbreak di tale firmware utilizzando il tool TaiG.

Tutti coloro che dispongono di un dispositivo con iOS 8.4 ed il jailbreak effettuato devono quindi tenersi alla larga dal nuovo iOS 8.4.1, questo perchè Apple ha chiuso diverse falle che erano state utilizzate dagli hacker per l’effettuazione del jailbreak di iOS 8.4. Vediamo qui di seguito in dettaglio quali sono state le patch che ha applicato al suo nuovo sistema operativo mobile, vediamole in dettaglio:

AppleFileConduit
● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
● Impact: A maliciously crafted afc command may allow access to protected parts of the filesystem
● Description: An issue existed in the symbolic linking mechanism of afc. This issue was addressed by adding additional path checks.
● CVE-2015-5746 : evad3rs, TaiG Jailbreak Team

Air Traffic
● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
● Impact: AirTraffic may have allowed access to protected parts of the filesystem
● Description: A path traversal issue existed in asset handling. This was addressed with improved validation.
● CVE-2015-5766 : TaiG Jailbreak Team

Backup
● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
● Impact: A malicious application may be able to create symlinks to protected regions of the disk
● Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.
● CVE-2015-5752 : TaiG Jailbreak Team

Code Signing
● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
● Impact: A malicious application may be able to execute unsigned code
● Description: An issue existed that allowed unsigned code to be appended to signed code in a specially crafted executable file. This issue was addressed through improved code signature validation.
● CVE-2015-3806 : TaiG Jailbreak Team

Code Signing
● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
● Impact: A specially crafted executable file could allow unsigned, malicious code to execute
● Description: An issue existed in the way multi-architecture executable files were evaluated that could have allowed unsigned code to be executed. This issue was addressed through improved validation of executable files.
● CVE-2015-3803 : TaiG Jailbreak Team

Code Signing
● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
● Impact: A local user may be able to execute unsigned code
● Description: A validation issue existed in the handling of Mach-O files. This was addressed by adding additional checks.
● CVE-2015-3802 : TaiG Jailbreak Team
● CVE-2015-3805 : TaiG Jailbreak Team

IOHIDFamily
● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
● Impact: A local user may be able to execute arbitrary code with system privileges
● Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling.
● CVE-2015-5774 : TaiG Jailbreak Team