Many reports of unauthorized access to online accounts such as PayPal, Facebook, and credit/debit accounts have prompted Apple to issue yet another update to iOS 9. As I stated in my previous blog, I believe Apple intended 9.3.3 to be the final 9.x update; however, the recent update to the popular Pangu Jailbreak tool seems to have exposed a new vulnerability that simply couldn’t be ignored. The iOS 9.3.4 update addresses this vulnerability.
Experts indicate that they trust Pangu and the original jailbreak tool, and suspect that it may have been compromised in distribution after it left their hands. A common element among those affected seems to be use of the “PPHelper” tool from Chinese company 25PP, a jailbreak distribution tool commonly used on Windows PCs.
The exploit may expose credentials to a variety of online services, notably PayPal, social accounts, and credit and debit accounts, with most of the fraudulent accesses coming from places like Taiwan, Vietnam, Beijing, and other places in China. So far, it seems the English version of the Pangu jailbreak tool is untainted, but I would caution against accessing it from any 25PP servers.
This is not intended to scare anyone away from jailbreaking their device if they have legitimate reasons to do so, but you should always be wary of any software and its source before installing it, be it for jailbreaking, messaging, banking, or simply following the Olympics in Rio.
Skycure recommends performing this update, even if you do not jailbreak your device, since there may be additional security enhancements not detailed in this security bulletin.