Apple briefly allows, pulls jailbreak app on iOS App Store

Posted:
in iPhone
An app ostensibly for browsing Dribbble passed through Apple's App Store review process despite coming loaded with a hidden feature that allowed users running iOS 9.3.3 or earlier to jailbreak their device.




The "PG Client" app billed itself as a better client for the service that allows graphic artists to share works. However, when opened, the app was a Chinese version of the Pangu jailbreak tool.

The app was made available by the developer on Sunday at some point. By 3:30 p.m. Eastern, Apple had disabled the download, and by 4:00 p.m. had stricken the webpage for the app leading to the App Store download as well.

Apple's iOS 9.3.4 and 9.3.5 updates were distributed earlier in August, both of which killed the framework to the jailbreak in the PG Client app.

An accompanying support document for the iOS 9.3.4 update noted a fix for a memory corruption issue that could allow an application to execute arbitrary code. In the update notes, Team Pangu was credited for discovering the vulnerability.

Initial speculation about the app suspected that the jailbreak was based on one of the exploits from the "Pegasus" malware package, but those suspicions were quickly debunked.

In May, a revamp of the App Store's policies and procedures led to a shortening of approval times from submission to app approval and publication. An app's approval takes an average of 1.95 days from submission to availability, down from nearly 5 days in December, and 9 days in February 2015.

Comments

  • Reply 1 of 8
    lkrupplkrupp Posts: 10,557member
    Meh, let ‘em jaibreak. With the Trident malware package apparently out there since iOS 7 they deserve what they get.
    apple ][SpamSandwich
  • Reply 2 of 8
    gatorguygatorguy Posts: 24,176member
    This is where that app was discussed, and where it may first have come to Apple's attention:
    https://www.reddit.com/r/jailbreak/comments/506eyp/release_ppjailbreak_on_the_appstore/
  • Reply 3 of 8
    apple ][apple ][ Posts: 9,233member
    lkrupp said:
    Meh, let ‘em jaibreak. With the Trident malware package apparently out there since iOS 7 they deserve what they get.
    Have you ever noticed when reading reviews for apps, a lot of the complaints are from neanderthals running old versions of iOS on their devices (because of a jailbreak no doubt)?

    Funny, most of those apps work well for me, but then again, I have the latest OS version. I think that the last time I updated was a couple of days ago.

    Just update your OS, you dummies.
    netmage
  • Reply 4 of 8
    linkmanlinkman Posts: 1,035member
    Considering that the latest jailbreak (along with some bonus malware) is accessible with just browsing to a web page is this really a big deal? Yes, Apple should have caught it in their approval process.
  • Reply 5 of 8
    App-Store review ist not a code check. Anyway, stuff like that will be past when Swift gets enforced as must language to use. 
  • Reply 6 of 8
    bsenkabsenka Posts: 799member
    apple ][ said:
    lkrupp said:
    Meh, let ‘em jaibreak. With the Trident malware package apparently out there since iOS 7 they deserve what they get.
    Have you ever noticed when reading reviews for apps, a lot of the complaints are from neanderthals running old versions of iOS on their devices (because of a jailbreak no doubt)?

    Funny, most of those apps work well for me, but then again, I have the latest OS version. I think that the last time I updated was a couple of days ago.

    Just update your OS, you dummies.
    No. I've never jailbroken, and it's the updating that is the thing that usually causes the problems. Phone worked perfectly well until I blindly trusted Apple and just installed their update when prompted. Then, with few exceptions, something I really liked no longer works properly. The only way to be safe and make sure that an Apple device really works properly is to try to stay one or two versions behind current.
  • Reply 7 of 8
    Grimzahn said:
    App-Store review ist not a code check.
    It is not, since the developers don't submit code at all...
Sign In or Register to comment.