Cei din Cupertino au obiceiul de a credita hackerii dezvoltatori de solutii de jailbreak atunci cand acopera diverse vulnerabilitati ale sistemului de operare, acelasi lucru intamplandu-se in cazul iPhone Dev Team sau Evad3rs, dar acest lucru nu este imbucurator pentru noi. Din pacate blocarea acestei solutii de jailbreak nu va aduce una noua in viitorul apropiat, dar cu siguranta vom vedea alta noua lansata in cursul anului viitor, indiferent cand va veni ea.
Dyld
● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
● Impact: A local user may be able to execute unsigned code
● Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed through improved validation of segment sizes.
● CVE-ID: CVE-2014-4455 : @PanguTeamKernel
● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
● Impact: A malicious application may be able to execute arbitrary code with system privileges
● Description: A validation issue existed in the handling of certain metadata fields of IOSharedDataQueue objects. This issue was addressed through relocation of the metadata.
● CVE-ID: CVE-2014-4461 : @PanguTeamSandbox Profiles
● Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
● Impact: A malicious application may be able to launch arbitrary binaries on a trusted device
● Description: A permissions issue existed with the debugging functionality for iOS that allowed the spawning of applications on trusted devices that were not being debugged. This was addressed by changes to debugserver’s sandbox.
● CVE-ID: CVE-2014-4457 : @PanguTeam
This post was last modified on nov. 18, 2014, 9:19 AM 09:19