Jailbreakers got an unexpected present last week when a relatively unknown hacker group released a jailbreak for iOS 7.1.1. Called “Pangu,” the jailbreak package was later determined to be safe, apart from a shady pirate app store installed alongside the program.
But the Pangu jailbreak isn’t all that it appears. The methods the jailbreak uses to hack your device were stolen.
According to iOS researcher Stefan Esser — who has previously been responsible for untethered jailbreaks under the handle i0n1c — the Pangu jailbreak relies upon two stolen things in order to work: an enterprise certificate from Apple, and Esser’s own secret jailbreak methods.
“They are just thieves,” Esser wrote on Twitter.
It’s not uncommon for apps to sidestep the vetting process of the iOS App Store by using enterprise certificates. That is, for example, the technique the popular iOS GameBoy emulator GBA4iOS uses to install itself on devices. Enterprise certificates allow a developer to install their app on as many devices as they’d like, without Apple’s approval, and while Apple can revoke the enterprise certificate at any time, in most cases the certificate will continue to work as long as you roll your system date back.
But the theft of Esser’s jailbreak techniques might be a bigger deal. It seems abstract at first, but Esser claims that the Pangu jailbreak uses many secret vulnerabilities that he has only shared with other people in a research setting.
“The Pangu jailbreak does not only use one info leak bug but several from my training. And there is basically my code linked directly into it,” Esser wrote.
From a practical perspective, though, the fact that these vulnerabilities were used to jailbreak iOS 7.1.1 just months before iOS 8 is released means that Apple will have patched them by the time the next major version of its operating system comes around. That means an iOS 8 jailbreak could potentially take even longer to find than it usually does. And that’s bad news for everyone.