The Pangu is the latest tool for jailbreaking on devices running 7.1 and above the iOS operating system, and is based on an enterprise certificate (enterprise certificate) from Apple that allows installation of non-Apple Store applications.
The security implications of such a tool are very serious because this particular license authorizes the applications that use it to have several privileges on the user's phone than to steal information from the address book and messages or even access the camera and microphone functions.
According to the company Lacoon Security, the Pangu jailbreak tool of a device can be used on all later versions of iPhone (4, 4S, 5S and 5C), and all versions of the iPad, such as Air and Mini.
Since the tool is signed with an Apple certificate, Pangu can bypass all measures security σε μια συσκευή iOS και να αποκτήσει αυξημένα προνόμια, που επιτρέπουν την πλήρη πρόσβαση στο smartphone ή το tablet.
Ohoon Bobrov of Lacoon Security reports that the certificate used for the Pangu application is linked to Hefei Bo Fang Communication Technology Co. Ltd. "
We have no information about how the hackers κατάφεραν να αποκτήσουν ένα τέτοιο πιστοποιητικό, το οποίο η Apple διαθέτει σε ένα μικρό αριθμό εταιρειών, μετά από ενδελεχή research, which determines whether there is any risk of abuse.
In this case, Apple should probably take the necessary steps to revoke that certificate.
The vulnerabilities που χρησιμοποιήθηκαν από τους προγραμματιστές του Ρangu έχουν ανακαλυφθεί από τον Stefan Esser, ένα πολύ γνωστό ερευνητή της platformof iOS. Esser shared some iOS exploits for educational purposes, but kept many important details to himself. As for the information he shared he did not give his permission for anyone to use it.
The researcher reported that Rangu developers offered to buy iOS exploits, but refused to sell them.[tweet_embed id = 482004118698217472] [tweet_embed id = 481923306371944450]