Apple blocca il jailbreak del team TaiG con iOS 8.4.1

Con il rilascio di iOS 8.4.1 Apple ha praticamente bloccato il Jailbreak del team TaiG, correggendo alcune vulnerabilità scoperte ed utilizzate proprio dal team di hacker.

Un documento dettagliato sul contenuto di sicurezza di iOS 8.4.1, qui riportato, svela i vari exploit bloccati da Apple. Se quindi non volete rinunciare al Jailbreak, state lontani da iOS 8.4.1.

AppleFileConduit

• Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
• Impact: A maliciously crafted afc command may allow access to protected parts of the filesystem
• Description: An issue existed in the symbolic linking mechanism of afc. This issue was addressed by adding additional path checks.
• CVE-2015-5746 : evad3rs, TaiG Jailbreak Team

Air Traffic

• Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
• Impact: AirTraffic may have allowed access to protected parts of the filesystem
• Description: A path traversal issue existed in asset handling. This was addressed with improved validation.
• CVE-2015-5766 : TaiG Jailbreak Team

Backup

• Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
• Impact: A malicious application may be able to create symlinks to protected regions of the disk
• Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.
• CVE-2015-5752 : TaiG Jailbreak Team

Code Signing

• Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
• Impact: A malicious application may be able to execute unsigned code
• Description: An issue existed that allowed unsigned code to be appended to signed code in a specially crafted executable file. This issue was addressed through improved code signature validation.
• CVE-2015-3806 : TaiG Jailbreak Team

Code Signing

• Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
• Impact: A specially crafted executable file could allow unsigned, malicious code to execute
• Description: An issue existed in the way multi-architecture executable files were evaluated that could have allowed unsigned code to be executed. This issue was addressed through improved validation of executable files.
• CVE-2015-3803 : TaiG Jailbreak Team

Code Signing

• Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
• Impact: A local user may be able to execute unsigned code
• Description: A validation issue existed in the handling of Mach-O files. This was addressed by adding additional checks.
• CVE-2015-3802 : TaiG Jailbreak Team
• CVE-2015-3805 : TaiG Jailbreak Team

IOHIDFamily

• Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
• Impact: A local user may be able to execute arbitrary code with system privileges
• Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling.
• CVE-2015-5774 : TaiG Jailbreak Team