The Pangu jailbreak could put an iOS 8 jailbreak even further out of reach

Jailbreakers got an unexpected present last week when a relatively unknown hacker group released a jailbreak for iOS 7.1.1. Called “Pangu,” the jailbreak package was later determined to be safe, aside from a shady pirate app store installed alongside the program.

But the Pangu jailbreak isn’t all that it appears. The methods the jailbreak uses to hack your device were stolen.

According to iOS researcher Stefan Esser — who has previously been responsible for untethered jailbreaks under the handle i0n1c — the Pangu jailbreak relies upon two stolen things in order to work: an enterprise certificate from Apple, and Esser’s own secret jailbreak methods.

“They are just thieves,” Esser wrote on Twitter.

It’s not uncommon for apps to sidestep the vetting process of the iOS App Store by using enterprise certificates. That is, for example, the technique the popular iOS GameBoy emulator GBA4iOS uses to install itself on devices. Enterprise certificates allow a developer to install their app on as many devices as they’d like without Apple’s approval. Apple can revoke an enterprise certificate at any time, but in most cases the certificate will continue to work as long as you roll your system date back.

But the theft of Esser’s jailbreak techniques might be a bigger deal. It seems abstract at first, but Esser claims that the Pangu jailbreak uses many secret vulnerabilities that he has only shared with other people in a research setting.

“The Pangu jailbreak does not only use one info leak bug but several from my training. And there is basically my code linked directly into it,” Esser wrote.

From a practical perspective, though, the fact that these vulnerabilities were used to jailbreak iOS 7.1.1 just months before iOS 8 is released means that Apple will have patched them by the time the next major version of their operating system comes around. Which means that, potentially, an iOS 8 jailbreak could take even longer to find than it usually does. And that’s bad news for everyone.

About the author

John Brownlee is a Contributing Editor. He has also written for Wired, Playboy, Boing Boing, Popular Mechanics, VentureBeat, and Gizmodo. He lives in Boston with his girlfriend and two parakeets. You can follow him here on Twitter.
