Difference between revisions of "P0sixspwn"

From The iPhone Wiki
Line 40: Line 40:
   
 
== Exploits ==
 
== Exploits ==
* P0SIX_SPWN_DISABLE_ASLR (found by [[i0n1c]])
+
* posix_spawn kernel information leak (by [[i0n1c]])
  +
* mach_msg_ool_descriptor_ts for heap shaping
* P0SIX_SPWN_ALLOW_DATA_EXEC (found by [[i0n1c]])
 
  +
* DeveloperDiskImage race condition (by [[comex]])
* CS_ENFORCEMENT_DISABLE (used in [[evasi0n7]])
 
* MobileBackup2 Injection Vector (used in [[evasi0n]])
+
* dyld S_ATTR_LOC_RELOC/function reexport (also used in [[evasi0n7]])
* Root Mount exploit (used in [[Spirit]] by [[comex]])
+
* MobileBackup2 arbitrary symbolic link restore (also used in [[evasi0n]])
  +
* launchd.conf
   
 
== External Links ==
 
== External Links ==

Revision as of 04:25, 2 January 2014

p0sixspwn is an untethered jailbreak for iOS 6.1.3-6.1.5 by winocm, iH8sn0w and SquiffyPwn. It was initially made available as a Cydia package on Saurik's repo to untether already jailbroken devices. It works with all devices that support iOS 6.1.3-6.1.5, except for Apple TV 3. On 30 December 2013, a Mac OS X program was released to perform a jailbreak. A Windows version is coming soon.

Changelog

  • 1.3-2 Fixes iMessage, LTE issues and Apple TV 2G support.
  • 1.2-1 Various bug fixes.
  • 1.1-3 Automatically reboot after two minutes if the device did not boot, because 60 seconds was too quick. (iH8sn0w's repo only)
  • 1.1-2 Automatically reboot after one minute if the device did not boot, because 30 seconds was too quick. (iH8sn0w's repo only)
  • 1.1-1 Automatically reboot after 30 seconds if device did not boot. (iH8sn0w's repo only)
  • 1.0-9 iPhone 4 GSM boot loop fix
  • 1.0-5 the initial release of the untether

Download

| Version | OS | SHA-1 Hash | Download | Changes |
|---|---|---|---|---|
| 1.0.0 | Mac OS X | b5a66f4e58ab4c813fc851d479b28188eb5115ec | Mega | Initial release. |
| 1.0.1 | Mac OS X | ae5b3907660b161b2ff94a2e2cfef97195404a89 | Mega | Resolves issues with iPod touch 5 not being detected. |
| 1.0.2 | Mac OS X | 259e95fd16468260c8831ca17186f50b7d14ba41 | Mega | Resolves issues with LTE/data. |

Exploits

  • posix_spawn kernel information leak (by i0n1c)
  • mach_msg_ool_descriptor_ts for heap shaping
  • dyld S_ATTR_LOC_RELOC/function reexport (also used in evasi0n7)
  • DeveloperDiskImage race condition (by comex)
  • MobileBackup2 arbitrary symbolic link restore (also used in evasi0n)
  • launchd.conf

External Links