Pangu iOS 8.1.1 Jailbreak News: Are Exploits Patched?

Pangu iOS 8.1.1 jailbreak might not be available right after Apple launched this new firmware update. We’ve heard about iOS 8.1.1 exploits patched report from developers who are testing the first beta of iOS 8.1.1 released by the company last week.

If Apple kills iOS 8 jailbreak in the next iOS 8.1.1 hackers will have to search for new exploits that can be used in the next jailbreaking utility.

This way they will have to wait till hackers work on the new program and this might take much longer than it happened with iOS 8 Pangu jailbreak release. According to devs who share their impressions on the new firmware beta, it will bring some improvements to the iPhone 4S users and iPad 2 users. These users suffered from bugs, issues and problems on iOS 8. Hopefully their issues will be gone with iOS 8.1.1 update.

Users who wish to stay jailbroken might want to restore to iOS 8.1 while such an option is available. Experts say that you will be able to jailbreak this firmware and enjoy all the jailbreak applications and Cydia tweaks.

As one of the Pangu hackers notes, the new beta tested by devs show that the jailbreak exploit was killed. Hackers advice all users to update to iOS 8.1 or restore to this firmware version before the iPhone maker has officially launched the next iOS 8.1.1 version.

There weren’t official reports from hackers on their Twitter page and Weibo account, but they will surely follow once the firmware is updated and the jailbreak is not released because of the lost exploits.


New iOS Malware Attacks Users Who Are Jailbroken [AdThief]

There is a report that a new iOS malware attacks users with jaibroken iDevices. The malware is known as AdThief. It infects iPhones and iPad that were jailbroken and become more sensitive to third-party programs which can be installed only when you are jailbroken.

The news comes from Axelle Apvrille who is a security researcher and assures that 75,000+ gadgets are already infected. AdThief malware has a mask. It injects on Apple devices as a Cydia Substrate extension.

This jailbroken iPhone malware attack that also works on iPads doesn’t harm users. It steals income from devs who get advertisement revenues from apps and games. The tool can swap ad identifiers which causes iOS developers lose their income.

jailbroken iphone malware attack

iOS jailbreak malware was first discovered in spring 2014. Apvrille mentions over 20 million mobile ads being hijacked by AdThief so far. It is not clear who has created this AdThief program, but it might be present on your iPhone, iPad and iPod touch if you jailbroke it using Pangu, Evasi0n or p0sixpwn. The program covers advertising networks in China, U.S. and other countries across the world.
Whoever developed this malware for jailbroken iDevices managed to use Cydia Substrate which is present in most jailbreak tweaks to create their tool capable of replacing identifiers of ads with the creator’s.

One name is still associated with the program. Rover12421 from China is believed to stay behind the jailbreak malware AdThief. This hacker is also known as “zerofile” on different forums. However this guy assures that he doesn’t distribute his creation. He says he has only created its prototype and does nothing more.

Don’t use untrusted sources to download applications and games. Cydia store has a lot of trusted repos where you can get hacks and jailbreak tweaks for your iPhone, iPad and iPod. Some malware programs can be dangerous!


New iOS 7.1 Security Flaw Can Expose Your Contacts

iOS 7.1 just like the newer iOS 7.1.1 show new security problems users might come across. The latest iOS 7.1 security flaw discovered can potentially allow anyone see your contacts without unlocking the iPhone. This can be another iOS 7.1 problem especially if you don’t want anyone to access your contact list on Apple smartphone.

The problem was reported by Sherif Hashim who is a security researcher from Egypt. The issue, according to Hashim, is with Siri Voice assistant. It can help third-party users to bypass your lock screen on iOS 7.1 handset and see all your contacts.


iOS 7.1 Siri problems might not harm  you too much but this is still unpleasant if someone can find your contact list. As the expert notes, Siri can be asked to look into your contacts while the iPhone has a locked screen. Just type a “Call a” phrase and the program will show the contacts list to you.

The iOS 7.1 security issues mentioned above were found on iPhone 5S. Some people tried to repeat this method with iPhone 5c running iOS 7.1.1 firmware but failed to get the full list of contacts. Maybe the issue is faced on the iPhone 5S models only, who knows…

There are not comments from Apple regarding this security risk. Siri will not help you if you instruct it to show “Contacts” as it will ask you to unlock your iPhone first. Users who are afraid of the problem can turn off Siri in their lockscreen and be safe or simply install iOS 7.1.1 update as it closes a lot of holes in previous firmware version. The issue won’t allow anyone accessing your iPhone contacts distantly. People need to have it physically in their hands to bypass lockscreen option this way. It looks like your model and operating system version matter.


iOS 7.1 Problems with Unencrypted Email Attachments on iPhones

A new flaw in iOS 7 security system is found by some Apple fans. There were a lot of different iOS 7.1 bugs and iOS 7 problems faced by ordinary users and developers. Apple tried to fix them in iOS 7.1.1 but the issues are not gone completely.

A researcher who shares his report with public [Andreas Kurtz] assures that while the Cupertino-based giant has to protect email attachments with data encryption, operating systems starting from 7.0.4 and above lack this important feature.


The expert discovered iOS 7 bugs whey he accessed his iPhone 4 file system. This smartphone had iOS 7.1 and then iOS 7.1.1 and both versions of mobile firmware showed unencrypted attachments to emails. The same security flaw was reproduced by Kurtz on his iPhone 5S smartphone that had 7.0.4 installed on it.

According to Kurtz, “all attachments” in his email folder could be accessed “without any encryption / restriction.” Apple got the report about the flaw, but it is not clear when the company will patch this hole in its system.

The spokesperson for the famous iPhone maker assures Apple is “aware of the issue.” The company is said to be searching the fix to this bug which will be delivered to used “in a future software update.”

There is no need to panic because it is not that easy to exploit this hole for attackers. Firstly, your iPhone has to be stolen to be reached. Secondly, it has to be jailbroken to bypass your password. Thirdly, if you have iOS 7.1 or 7.1.1 you are at no risk because these two versions of mobile software cannot be jailbrokenat the moment.


Userland Details on Evasi0n Jailbreaking Tool Component

The tool created by the Evad3rs hackers supports iOS 6 jailbreak up to iOS 6.1.2. It is called Evasi0n and we can finally learn which exploits it has, how it works and see its userland details. It might be interesting for you to learn more about Evasi0n components because its exploits are completely different from the ones used for JailbreakMe and other tethered jailbreak methods.


Saurik Releases Both An Exploit (Cydia Impactor) And A Patch For The ‘Android Master Key’ Vulnerability

Saurik really is a jack of all trades. Not only is he the mastermind behind Cydia, essentially a 3rd party App Store for Jailbroken iOS devices, but he is also behind numerous Cydia tweaks and iOS frameworks. To top all of this off Saurik even turned his attention to Android back in May when he released both Cydia Substrate and Winterboard for Android. It looks like Saurik isn’t done with Android just yet though…

Android Master Key

He has tweeted today that he has just patched a severe security vulnerability that plagues 99% of Android devices that has been nicknamed ‘Android Master Key.’ The vulnerability was originally discovered by the company Bluebox Security and I will let them take it away in explaining it to you:

The Bluebox Security research team – Bluebox Labs – recently discovered a vulnerability in Android’s security model that allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user. The implications are huge! This vulnerability, around at least since the release of Android 1.6 (codename: “Donut” ), could affect any Android phone released in the last 4 years – or nearly 900 million devices– and depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet.

Not only has Saurik patched ‘Android Master Key’ and released it to the public for those that want to manually protect themselves though, he has also released a tool called Cydia Impactor that can root an Android phone or tablet utilizing the vulnerability. He has noted that it should “work up through approximately Android 4.1, including Glass and Google TV.”

Saurik Releases Both An Exploit (Cydia Impactor) And A Patch For The 'Android Master Key' Vulnerability

As 9To5Google explains “In true jailbreak fashion, the exploit [tool] runs from a Mac or PC and in a few steps gives your su/Root access to the infected phone/tablet. While it isn’t as plug and play easy as recent iOS jailbreaks, it is easy enough for anyone who wants to root their unpatched phone to do in a few minutes.”
Saurik plans to go into more detail on the vulnerability, his patch and Cydia Impactor next month at the annual Black Hat security conference in Las Vegas. In the mean time be sure to check out his in-depth article on the matter on his blog.

VIA iJailbreak