|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Symbolic Link Vulnerability"
m (fix link) |
(mention that it's patched) |
||
| Line 1: | Line 1: | ||
By restoring files, directories and symlinks to the iOS device, the path is carefully checked, so that no write accesses outside of certain domains are possible. By creating a symlink that points to somewhere else, it is possible to overcome this limitation. |
By restoring files, directories and symlinks to the iOS device, the path is carefully checked, so that no write accesses outside of certain domains are possible. By creating a symlink that points to somewhere else, it is possible to overcome this limitation. |
||
| + | |||
| + | This vulnerability has been fixed in iOS 7.1b2[https://twitter.com/iH8sn0w/status/412338808903192576]. |
||
== Usage in [[evasi0n]] jailbreak == |
== Usage in [[evasi0n]] jailbreak == |
||
Revision as of 01:42, 16 December 2013
By restoring files, directories and symlinks to the iOS device, the path is carefully checked, so that no write accesses outside of certain domains are possible. By creating a symlink that points to somewhere else, it is possible to overcome this limitation.
This vulnerability has been fixed in iOS 7.1b2[1].
Usage in evasi0n jailbreak
In the case of evasi0n, the following files, directories and symlinks are restored, all in the Media Domain:
- directory:
Media/ - directory:
Media/Recordings/ - symlink:
Media/Recordings/.haxxpointing to/var/mobile - directory:
Media/Recordings/.haxx/DemoApp.app/ - several files in
Media/Recordings/.haxx/DemoApp.app/,Info.plist,DemoApp,Icon.png,Icon@2x.png,Icon-72.png,Icon-72@2x.png - file:
Media/Recordings/.haxx/Library/Caches/com.apple.mobile.installation.plist
This results in the following directory and file structure:
/var/mobile/Media/Recordings/ (folder) /var/mobile/Media/Recordings/.haxx (symlink) /var/mobile/DemoApp.app/Info.plist /var/mobile/DemoApp.app/DemoApp /var/mobile/DemoApp.app/Icon.png /var/mobile/DemoApp.app/Icon@2x.png /var/mobile/DemoApp.app/Icon-72.png /var/mobile/DemoApp.app/Icon-72@2x.png /var/mobile/Library/Caches/com.apple.mobile.installation.plist
See Also
- Timezone Vulnerability regarding CVE-2013-0979
