Evasi0n and Pangu Jailbreaks Nominated For 2014 Pwnie Award, Which One Should Win? [POLL]
To get one untethered jailbreak per major iOS release is a blessing in itself, but even though the job of the jailbreaking scene gets more difficult with each year that passes by, the fact that Evad3rs and Pangu both dropped untethered jailbreaks for iOS 7 was nothing short of heroic. Evad3rs’ Evasi0n tool took care of iOS 7.0.x, and when this was eventually plugged, the self-titled tool from the Pangu team took care of iOS 7.1.x. Now, both are up for a Pwnie award in the ‘Best Privilege Escalation Bug’ category, a gathering that highlights the work of those in the field of security research, and although we’ve no personal affinity to one over the other, we’d certainly love to see a jailbreak team yield such acclaim.
The Pwnie Awards covers bugs and exploits found during the past year, from July 2013 to June of this year, and for two jailbreak teams to be nominated is quite unique. Each took very different paths to reach what Cydia fans would consider to be the holy grail, and as both Evad3rs and Pangu await the ceremony to be held at the Black Hat security conference this week, let’s take a look at how each came to be.
With the roll-out of iOS 7 back in September, the attention of jailbreakers immediately turned to the scene, and after a couple of months’ hard work, the Evad3rs team rolled out Evasi0n iOS 7 jailbreak. The group, comprised of seasoned jailbreak veterans MuscleNerd, Pimskeks, Planetbeing and Pod2g, used their experience to come through with the exploit, which covered iOS 7.0.1 all the way through to iOS 7.0.6.
As ever, Apple eventually spoiled the party with iOS 7.1, and as well as introducing features like CarPlay, it also plugged the exploits that Evasi0n had pounced on. For a while, the jailbreak scene went quiet, seemingly resigned to the prospect of iOS 8, but from nowhere came Pangu jailbreak.
Interestingly, Stefan Esser, better known as i0n1c, has claimed that Pangu gathered the exploits from one of his own security talks, and if true, this would cast some doubt as to whether the China-based outfit should take full credit. But, the Pangu team on Twitter has clarified that since the release of Pangu v1.1, all the kernel exploits are theirs.
Nevertheless, the iOS 7.1 jailbreak has worked wonders for all devices running on Apple’s newer firmware, and with Planetbeing having scooped the Pwnie for ‘Best Privilege Escalation Bug’ last year, he’ll be hoping for another going for his part in Evasi0n’s rise to prominence.
Other nominees in ‘Best Privilege Escalation Bug’ this year includes: Francisco Falcon for VirtualBox VM Breakout using 3D Acceleration, Sebastian Apelt for AFD.sys Dangling Pointer Vulnerability and Comex & Geohot for Linux Futex Bug.