Difference between revisions of "Jailbreak Exploits"

From The iPhone Wiki
(7.1 / 7.1.1 / 7.1.2: separated geeksn0w and Pangu, added a few "exploits" found while analysing the binary)
(7.1 / 7.1.1 / 7.1.2)
Line 166: Line 166:
 
* [[limera1n]]'s bootrom exploit ([[Tethered jailbreak]]) on [[iPhone 4]]
 
* [[limera1n]]'s bootrom exploit ([[Tethered jailbreak]]) on [[iPhone 4]]
 
[[Pangu]]
 
[[Pangu]]
* Infoleak vulnerability
+
* [[i0n1c]]'s Infoleak vulnerability (Pangu 1.0)
  +
* break_early_random (by [[i0n1c]] and Tarjei Mandt of Azimuth) (Pangu 1.1)
  +
* LightSensor /ProxALSSensor kernel exploit (Pangu 1.0)
  +
* TempSensor kernel exploit (Pangu 1.1)
 
* “syslogd chown” vulnerability
 
* “syslogd chown” vulnerability
* enterprise certificate (no real exploit, used for initial unsigned code execution)
+
* enterprise certificate (no real exploit, used for initial "unsigned" code execution)
 
* "foo_extracted" symlink vulnerability (used to write to /var)
 
* "foo_extracted" symlink vulnerability (used to write to /var)
 
* /tmp/bigfile (maybe a timeout)
 
* /tmp/bigfile (maybe a timeout)
* VoIP background trick (used to auto restart the app)
+
* VoIP backgrounding trick (used to auto restart the app)
  +
* hidden segment attack
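
Review bot: the added "hidden segment attack" entry at the end of the Pangu list has no parenthetical saying what it was used for or which Pangu version it applies to, unlike the other added entries such as "TempSensor kernel exploit (Pangu 1.1)"; add the same kind of annotation or a link to a page that explains it. In the added "LightSensor /ProxALSSensor kernel exploit (Pangu 1.0)" line there is a stray space before the slash. The unchanged "/tmp/bigfile (maybe a timeout)" entry is still speculative, and since the edit summary says these items came from analysing the binary, it would help to mark which entries are confirmed and which are guesses.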

Revision as of 16:29, 1 July 2014

This page lists the exploits used in Jailbreaks.

Exploits which were used in order to jailbreak 1.x

1.0.2

  • Restore Mode (iBoot had a command named cp, which had access to the whole filesystem)

1.1.1

1.1.2

  • Mknod (an upgrade jailbreak)

1.1.3 / 1.1.4 / 1.1.5

Exploits which are used in order to jailbreak 2.x

2.0 / 2.0.1 / 2.0.2 / 2.1

2.1.1

2.2

2.2.1

Exploits which are used in order to jailbreak 3.x

3.0 / 3.0.1

3.1 / 3.1.1

3.1.2

3.1.3

3.2

3.2.1

3.2.2

Exploits which are used in order to jailbreak 4.x

4.0 / 4.0.1

4.0.2

4.1

4.2.1

4.2.6 / 4.2.7 / 4.2.8

4.2.9 / 4.2.10

4.3

4.3.1 / 4.3.2 / 4.3.3

4.3.4 / 4.3.5

Exploits which are used in order to jailbreak 5.x

5.0

5.0.1

5.1

5.1.1

Exploits which are used in order to jailbreak 6.x

6.0 / 6.0.1 / 6.0.2 / 6.1 / 6.1.1 / 6.1.2

6.1.3 / 6.1.4 / 6.1.5 / 6.1.6

This section is a stub; it is incomplete. Please add more content to this section and remove this tag.

Exploits which are used in order to jailbreak 7.x

This section is a stub; it is incomplete. Please add more content to this section and remove this tag.

7.0 / 7.0.1 / 7.0.2 / 7.0.3 / 7.0.4 / 7.0.5 / 7.0.6

7.1 / 7.1.1 / 7.1.2

geeksn0w

Pangu

  • i0n1c's Infoleak vulnerability (Pangu 1.0)
  • break_early_random (by i0n1c and Tarjei Mandt of Azimuth) (Pangu 1.1)
  • LightSensor/ProxALSSensor kernel exploit (Pangu 1.0)
  • TempSensor kernel exploit (Pangu 1.1)
  • “syslogd chown” vulnerability
  • enterprise certificate (no real exploit, used for initial "unsigned" code execution)
  • "foo_extracted" symlink vulnerability (used to write to /var)
  • /tmp/bigfile (maybe a timeout)
  • VoIP backgrounding trick (used to auto restart the app)
  • hidden segment attack