Apple Fixes Jailbreak Vulnerabilities With Release of iOS 8.1.1

Apple’s first update for the iOS 8.1 mobile operating system includes bug fixes, increased stability and performance improvements for older devices, and also addresses several security issues.

iOS 8.1.1 fixes a total of 9 vulnerabilities affecting components such as the CFNetwork framework, the dyld dynamic link editor, the kernel, the lock screen, sandbox profiles, the search system Spotlight, and the browser engine WebKit.

The CFNetwork flaw (CVE-2014-4460) caused browsing data to remain in the cache after closing a private browsing session. Ashkan Soltani has discovered that a user’s approximate location is included in the initial connection between Spotlight or Safari and the Spotlight Suggestions server (CVE-2014-4453).

Two lock screen security bugs have been addressed with the release of iOS 8.1.1. Stuart Ryan of the University of Technology, Sydney noticed that an attacker with physical access to a device could exceed the maximum number of failed passcode attempts (CVE-2014-4451). Researchers also found a lock screen issue that could have been leveraged to access content in the Photo Library (CVE-2014-4463).

Memory corruption vulnerabilities in WebKit (CVE-2014-4452, CVE-2014-4462), which could have led to arbitrary code execution or unexpected application termination, have also been fixed by Apple.

The other three vulnerabilities have been uncovered by the Pangu Team, a Chinese group that specializes in jailbreaking iOS.  According to Apple, the sandbox profiles flaw (CVE-2014-4457) can be exploited to launch arbitrary binaries on a trusted device, the kernel vulnerability (CVE-2014-4461) can be used by a malicious application to execute arbitrary code with system privileges, while the dyld bug (CVE-2014-4455) can be leveraged by a local user to execute unsigned code.

These vulnerabilities have been used by the Pangu Team in their jailbreak. The hackers confirmed that their jailbreak no longer works since Apple released iOS 8.1.1 for developers.

Earlier this month, researchers at security firm FireEye revealed the existence of an iOS vulnerability that can be leveraged to replace genuine applications with illegitimate apps. A limited form of this attack, which FireEye dubbed “Masque,” was used by the recently uncovered WireLurker malware, a threat that is believed to have infected the devices of hundreds of thousands of users in China.

The malware, whose alleged developers were arrested by Chinese authorities last week, had been distributed via rogue Mac OS X applications. The threat transferred malicious iOS apps onto devices connected to the infected computer through the USB port. WireLurker had leveraged a form of the Masque attack to target devices through USB.

Apple took some steps to protect its customers against WireLurker shortly after the existence of the threat came to light. However, the vulnerability used in Masque attacks, which FireEye reported to Apple in July 26, has not been fixed. The flaw affects iOS 7.1.1, 7.1.2, 8.0, 8.1 and apparently 8.1.1.