The Pangu is the latest tool for jailbreaking devices running iOS 7.1 and above, and is based on a enterprise certificate (certificate for businesses) from Apple that allows installation of non-Apple Store applications.
The security implications of such a tool are very serious, because this particular certificate gives permission to applications using it to have enough privileges on the user's phone, from eavesdropping information από το βιβλίο διευθύνσεων και μηνύματα ή ακόμα να έχουν πρόσβαση στη κάμερας και τις functions of the microphone.
According to the company Lacoon Security, the Pangu jailbreak tool of a device can be used on all later versions of iPhone (4, 4S, 5S and 5C), and all versions of the iPad, such as Air and Mini.
Since the tool is signed with an Apple certificate, Pangu can bypass all security measures on an iOS device and gain increased privileges to allow full access to the smartphone or tablet.
Ohoon Bobrov of Lacoon Security reports that the certificate used for the Pangu application is linked to Hefei Bo Fang Communication Technology Co. Ltd. "
We have no information about how hackers managed to obtain such a certificate, which Apple has in a small number of companies, after a thorough investigation, which determines whether there is any risk of abuse.
In this case, Apple should probably take the necessary measures for it recall of the specific certificate.
The vulnerable points used by Rangu developers have been discovered by Stefan Esser, a well-known iOS platform researcher. Esser shared some iOS exploits for educational purposes, but kept many important details to himself. As for the information he shared he did not give his permission for anyone to use it.
The researcher reported that Rangu developers offered to buy iOS exploits, but refused to sell them.
[tweet_embed id = 482004118698217472] [tweet_embed id = 481923306371944450]
