Under the right circumstances, a recently released jailbreaking tool for iOS 7.1 – Pangu – can be used by attackers to compromise Apple's mobile devices, according to mobile security company Lacoon.
Currently, running Pangu requires a physical connection between the mobile and a PC, according to a Wednesday post by Ohad Bobrov, vice president of research and development with Lacoon, who added that jailbreaking the device takes a couple of mouse clicks and a few minutes.
Since jailbreaking escalates privileges and enables the removing of iOS security mechanisms, an attacker could then install surveillance software on the iPhone or iPad, which can allow the bad actor to send text messages, intercept emails and data from banking applications, and record audio – all unbeknownst to the owner.
Pangu uses an Apple enterprise certificate to jailbreak iOS 7.1 devices, Bobrov wrote.
