Decisamente beffardo l’approccio di Apple nei confronti del team Pangu. Il brand di Cupertino ha ringraziato pubblicamente gli sviluppatori per aver individuato le falle poi riparate con l’aggiornamento iOS 8.1.1.
Ecco quanto emerge nei documenti ufficiali di Apple:
- Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed through improved validation of segment sizes.
CVE-ID
CVE-2014-4455 : @PanguTeam
- Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A validation issue existed in the handling of certain metadata fields of IOSharedDataQueue objects. This issue was addressed through relocation of the metadata.
CVE-ID
CVE-2014-4461 : @PanguTeam
