iOS 8.4.1 Jailbreak Kernel Vulnerabilities Detailed By Pangu

Uzair Ghani

Apple patched all TaiG jailbreak exploits with the release of iOS 8.4.1 download for iPhone, iPad and iPod touch, putting an end to a long cat and mouse game between Cupertino and the flourishing community of jailbreakers. But luckily enough, the Pangu team jumped into the scene and demonstrated the first ever iOS 8.4.1 jailbreak on an iPhone 6 at HackPwn2015. Since then the team has been silent on the matter, but today, it has released some details on the kernel vulnerabilities that were used to pull the jailbreak feat off on iOS 8.4.1.

iOS 8.4.1 Jailbreak

While the literature Pangu has posted might be a little too technical for some, but the team has detailed the vulnerabilities in iOS 8.4.1's AppleHDQGasGaugeControl, which were used to pull off the jailbreak.

According to the Pangu team itself:

When auditing iOS kernel executable, we found that the code quality of is very bad. In this blog, we will disclose 3 vulnerabilities in this kernel extension on the latest public iOS (version 8.4.1). More importantly, one of these bugs is a perfect heap overflow vulnerability that allows us to defeat all kernel mitigations and gain code execution in the kernel, just by exploiting this single vulnerability.

The sad news here is that the second and third bugs have already been patched in iOS 9 beta 5, which means that we shouldn't hold our breath for an iOS 9 jailbreak just yet. But given the hard work the Pangu team has put into the iOS 8.4.1 jailbreak, we're certain that we'll get to hear some good news in the days to come.

Note that these vulnerabilities cannot be triggered inside the container sandbox. And we confirmed that the 2nd and the 3rd bugs are already fixed in iOS 9 beta5.

Apple has also stopped signing iOS 8.4, which means that those who have updated to iOS 8.4.1 are left without a jailbreak, and there's no possibility of downgrading your firmware whatsoever. If you're one of those unlucky few who updated to iOS 8.4.1, then just sit tight, don't panic, as the Pangu team will bring us positive news in the days to come, hopefully.


On iOS 8.4 or below and want to jailbreak?

If you’re a Windows user, then check out our guide posted here for complete details. Alternatively, if TaiG is not your cup of tea then you can try its alternative PP to achieve the same thing. You can follow our complete guide posted here on how to use the PP jailbreak tool to liberate iOS 8.4.

If you’re on iOS 8.4.1 already, then be sure to check out: iOS 8.4.1 Jailbreak – Everything You Need to Know.


Share this story