Apple has released iOS 9.3.4 for iPhone, iPad and iPod touch with ‘important security updates’. The update fixes a security flaw with IOMobileFrameBuffer that allowed Pangu jailbreak to work. Now that this bug is fixed, Pangu jailbreak is rendered useless on iOS 9.3.4 devices.
If you want to keep your jailbreak working, do not update to iOS 9.3.3. If you have already updated to iOS 9.3.4, you can downgrade as Apple is still signing iOS 9.3.3 at the time of writing.
Pangu had released its jailbreak for iOS 9.3.3 around a week ago. It worked by taking advantage of the IOMobileFrameBuffer security flaw. Users had to install a the Pangu app to their iOS device by either signing it themselves or by signing it using Cydia Impactor or download it via Mobile Safari to install without a computer. Pangu 1.1 was released just yesterday with an embedded certificate.
Apple had already been working against the jailbreak by invoking the signing certificate that Pangu initially used.
Here is Apple’s description of iOS 9.3.4 update:
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4654: Team Pangu
Ironically, Apple has credited Team Pangu for the security patch.
Perhaps, the slightly positive news is that iOS 10 was already jailbroken so once it is released to the public, jailbreak teams might release a tool for it pretty soon. iOS 10 jailbreaks have been demoed by Team Pangu and iH8sn0w.
To keep your jailbreak securely working on iOS 9.3.3, make sure not to update to iOS 9.3.4 neither via OTA nor via iTunes. Although it exposes users to the security vulnerability fixed by Apple in the update, hopefully, some developer will release a fix via Cydia too.
We will keep you updated.