An app ostensibly for browsing Dribbble passed through Apple's App Store review process despite coming loaded with a hidden feature that allowed users running iOS 9.3.3 or earlier to jailbreak their device.
The "PG Client" app billed itself as a better client for the service that allows graphic artists to share works. However, when opened, the app was a Chinese version of the Pangu jailbreak tool.
The developer made the app available at some point on Sunday. By 3:30 p.m. Eastern, Apple had disabled the download, and by 4:00 p.m. it had also removed the app's webpage that led to the App Store download.
Apple distributed the iOS 9.3.4 and 9.3.5 updates earlier in August, and both killed the framework for the jailbreak in the PG Client app.
An accompanying support document for the iOS 9.3.4 update noted a fix for a memory corruption issue that could allow an application to execute arbitrary code. In the update notes, Team Pangu was credited for discovering the vulnerability.
Initial speculation about the app held that the jailbreak was based on one of the exploits from the "Pegasus" malware package, but those suspicions were quickly debunked.
In May, a revamp of the App Store's policies and procedures shortened the time from app submission to approval and publication. An app's approval takes an average of 1.95 days from submission to availability, down from nearly 5 days in December, and 9 days in February 2015.