Apple Patches Yet Another Exploit In iOS 9 Used By Pangu And TaiG Teams
Following the release of iOS 9 to the public, Apple has now posted a knowledge base document that outlines the security fixes that went into the software. One of those, it would seem, plugs a hole that allowed applications to bypass code signing, effectively allowing jailbreak apps to function.
According to the document, the credit for the find goes to Pangu and TaiG jailbreak teams from China. But it’s not clear yet whether this is the same vulnerability in iOS 8.4.1 which Pangu confirmed last week to have been patched in iOS 9 GM version, or a different one.
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to bypass code signing
Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking.
CVE-2015-5839 : @PanguTeam, TaiG Jailbreak Team
While patching of yet another hole that could have been used for jailbreaking is a shame, we’ve already seen at least one prominent hacker iH8sn0w who has found a way to jailbreak iOS 9, but whether or not he will ever release it for public is another story altogether.
Apple’s patching of exploits and vulnerabilities is nothing new, especially when they result in a popular jailbreak being made available. Apple also closed a ton of jailbreak related exploits in iOS 8.4.1 which was released last month.
Those who jailbreak may enjoy their tweaks etc., but it’s clear to see why Apple doesn’t allow anyone and everyone to fiddle with iOS at the lowest level. Security is one of Apple’s biggest claims for iOS, and in a world where Android can be all too easily threatened by malware, iOS has so far done well to steer clear of such problems.