The participants of the hacker group Pangu shared information about three security vulnerabilities in iOS. We are talking about actual software update iOS 8.4.1 for iPhone, iPad and iPod touch.
In the article titled “Vulnerabilities in the iOS kernel 8.4.1 in AppleHDQGasGaugeControl” described three dangerous security flaws: bug with stack overflow that occurs when the call stack is stored more information than it can hold (stack overflow), vulnerability to access to protected memory section and another kind of error of memory overflow, the so – called heap overflow.
Apple distributed the update to iOS 8.4.1 in mid-August. It’s a minor patch, which aims to eliminate bugs in the previous version of firmware, released on June 30. The company tested the update from mid-July. The update contains improvements and bug fixes for Apple Music and closed the gap that used to jailbreak.
“Learning the core of iOS, we found low-quality code in com.apple.driver.AppleHDQGasGaugeControl. In this blog we will describe three vulnerabilities kernel extensions in the latest public version of iOS (8.4.1). Importantly, even one of these bugs is enough to bypass the security and execute arbitrary code”, – stated in the message of hackers.
The developers spoke in detail about the vulnerabilities of the operating system and accompanied post detailing ways of their exploitation.
Apparently the data breaches in the security of iOS 8.4.1 can be used to jailbreak, otherwise Pangu would not have to disclose information. It is noted that two of the three vulnerabilities are closed in the current beta version of iOS 9 beta 5.
