Difference between revisions of "User:Aker"

From The iPhone Wiki
Edit summary: (iOS 6 & 7)
= Jailbreak Exploits =

== Exploits used to jailbreak iOS 6.x ==

=== [[evasi0n]] (6.0 / 6.0.1 / 6.0.2 / 6.1 / 6.1.1 / 6.1.2) ===

* [[limera1n]]'s bootrom exploit ([[Tethered jailbreak]]) on [[n88ap|iPhone 3GS]] with [[Bootrom 359.3.2|new bootrom]], [[iPhone 4]], and [[n81ap|iPod touch 4G]]
* [[limera1n]]'s bootrom exploit + [[0x24000 Segment Overflow]] (together giving an [[untethered jailbreak]] on [[n88ap|iPhone 3GS]] with [[Bootrom 359.3|old bootrom]])
* [[Symbolic Link Vulnerability]]
* [[Timezone Vulnerability]]
* [[Shebang Trick]]
* [[AMFID code signing evasion]]
* [[launchd.conf untether]]
* [[IOUSBDeviceFamily Vulnerability]]
* [[ARM Exception Vector Info Leak]]
* [[dynamic memmove() locating]]
* [[vm_map_copy_t corruption for arbitrary memory disclosure]]
* [[kernel memory write via ROP gadget]]

=== [[p0sixspwn]] (6.1.3 / 6.1.4 / 6.1.5 / 6.1.6) ===

* [[posix_spawn kernel information leak]] (by [[i0n1c]])
* [[posix_spawn kernel exploit]] (CVE-2013-3954) (by [[i0n1c]])
* [[mach_msg_ool_descriptor_ts for heap shaping]]
* [[AMFID_code_signing_evasi0n7]]
* [[DeveloperDiskImage race condition]] (by [[comex]])
* [[launchd.conf untether]]

== Exploits used to jailbreak iOS 7.x ==

{{Section Stub}}

=== [[evasi0n7]] (7.0 / 7.0.1 / 7.0.2 / 7.0.3 / 7.0.4 / 7.0.5 / 7.0.6) ===

* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5133 CVE-2013-5133]
* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1272 CVE-2014-1272]
* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1273 CVE-2014-1273]
* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1278 CVE-2014-1278]
* [[Symbolic Link Vulnerability]]

=== [[Geeksn0w]] (7.1 / 7.1.1 / 7.1.2) ===

* [[limera1n]]'s bootrom exploit ([[Tethered jailbreak]]) on [[iPhone 4]]

=== [[Pangu]] (7.1 / 7.1.1 / 7.1.2) ===

* [[i0n1c]]'s infoleak vulnerability (Pangu v1.0.0)
* break_early_random (by [[i0n1c]] and Tarjei Mandt of Azimuth) (Pangu v1.1.0)
* LightSensor / ProxALSSensor kernel exploit (Pangu v1.0.0)
* TempSensor kernel exploit (Pangu v1.1.0)
* "syslogd chown" vulnerability
* enterprise certificate (not an exploit as such; used for the initial "unsigned" code execution)
* "foo_extracted" symlink vulnerability (used to write to /var)
* /tmp/bigfile (a large file used to make a race condition more reliable)
* VoIP backgrounding trick (used to automatically restart the app)
* hidden segment attack

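The symlink entries listed above (the [[Symbolic Link Vulnerability]] used by evasi0n and evasi0n7, and Pangu's "foo_extracted" symlink used to write to /var) belong to one bug class: a privileged component writes a file at a path that an unprivileged process can pre-populate, so a planted symlink redirects the write to a file the attacker could not otherwise touch. The block below is an added illustration of that class and of the usual hardening; it is not code from any of these jailbreaks and does not describe the actual bugs. The directory layout, the file name config.plist and the payload are constructed, and two throwaway directories stand in for /var and for the staging directory the privileged writer uses.

```python
"""Symlink-redirected write, demonstrated on throwaway directories.

Added illustration of the bug class, not any jailbreak's code. 'protected'
stands in for /var, 'staging' for a directory a privileged extractor writes
into, and 'foo_extracted' (name taken from the Pangu entry) for the extracted
file. All paths and data are constructed for the demo.
"""
import errno
import os
import tempfile


def naive_write(staging_dir: str, name: str, data: bytes) -> None:
    """Unsafe writer: open() follows a symlink sitting at the destination,
    so the write lands wherever the attacker pointed the link."""
    with open(os.path.join(staging_dir, name), "wb") as f:
        f.write(data)


def safe_write(staging_dir: str, name: str, data: bytes) -> bool:
    """Hardened writer: create the file ourselves and refuse to follow a link.

    O_CREAT|O_EXCL fails if anything already exists at the path (a dangling
    symlink included), and O_NOFOLLOW refuses a symlink at the final path
    component. Returns False when the destination was tampered with instead
    of writing through it; other errors propagate.
    """
    path = os.path.join(staging_dir, name)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    try:
        fd = os.open(path, flags, 0o600)
    except OSError as exc:
        if exc.errno in (errno.EEXIST, errno.ELOOP):
            return False
        raise
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return True


def run_scenario(use_safe: bool) -> dict:
    """Plant a symlink in the staging dir, run one of the writers, and report
    whether the write was accepted and what the protected file now holds."""
    with tempfile.TemporaryDirectory() as root:
        protected = os.path.join(root, "protected")   # stands in for /var
        staging = os.path.join(root, "staging")       # attacker-writable
        os.makedirs(protected)
        os.makedirs(staging)
        target = os.path.join(protected, "config.plist")  # constructed name
        with open(target, "wb") as f:
            f.write(b"original\n")

        # Attacker step: the unprivileged party controls 'staging' and plants
        # a symlink at the name the privileged writer is about to use.
        os.symlink(target, os.path.join(staging, "foo_extracted"))

        payload = b"attacker-controlled\n"
        if use_safe:
            accepted = safe_write(staging, "foo_extracted", payload)
        else:
            naive_write(staging, "foo_extracted", payload)
            accepted = True

        with open(target, "rb") as f:
            return {"accepted": accepted, "protected_contents": f.read()}


if __name__ == "__main__":
    print("naive :", run_scenario(use_safe=False))
    print("safe  :", run_scenario(use_safe=True))
```

O_NOFOLLOW only guards the final path component; if the attacker can replace a parent directory with a symlink instead, the write is still redirected. The complete fix opens the intended directory once, verifies it is not a symlink, and then creates the file relative to that descriptor (os.open with dir_fd on POSIX), so the lookup cannot be re-pointed between the check and the write.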
Revision as of 17:49, 2 December 2014

== Exploits used to jailbreak iOS 8.x ==

{{Section Stub}}

=== [[Pangu8]] (8.0 / 8.0.1 / 8.0.2 / 8.1) ===

* an exploit for a bug in /usr/libexec/neagent (source: @iH8sn0w)
* enterprise certificate (inside the IPA)
* a kind of dylib injection into a system process (see IPA)
* a dmg mount command (looks like the Developer DMG; visible in syslog while jailbreaking)
* a sandboxing problem in debugserver (CVE-2014-4457)
* the same or a similar kernel exploit as used in Pangu (CVE-2014-4461) (source: @iH8sn0w)
* enable-dylibs-to-override-cache
* CVE-2014-4455

=== [[TaiG]] (8.0 / 8.0.1 / 8.0.2 / 8.1 / 8.1.1) ===

* LightSensor / ProxALSSensor kernel exploit (also used in Pangu v1.0.0)
* a dmg mount command (looks like the Developer DMG; visible in syslog while jailbreaking) (also used in Pangu8)
* enable-dylibs-to-override-cache (also used in Pangu8)
* a kind of dylib injection into a system process (see IPA) (also used in Pangu8, but tweaked slightly)