|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
User:Aker
Contents
Jailbreak Exploits
Exploits which are used in order to jailbreak 6.x
evasi0n (6.0 / 6.0.1 / 6.0.2 / 6.1 / 6.1.1 / 6.1.2)
- limera1n's bootrom exploit (Tethered jailbreak) on iPhone 3GS with new bootrom, iPhone 4, and iPod touch 4G)
- limera1n's bootrom exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS with old bootrom)
- Symbolic Link Vulnerability
- Timezone Vulnerability
- Shebang Trick
- AMFID code signing evasion
- launchd.conf untether
- IOUSBDeviceFamily Vulnerability
- ARM Exception Vector Info Leak
- dynamic memmove() locating
- vm_map_copy_t corruption for arbitrary memory disclosure
- kernel memory write via ROP gadget
p0sixspwn (6.1.3 / 6.1.4 / 6.1.5 / 6.1.6)
- posix_spawn kernel information leak (by i0n1c)
- posix_spawn kernel exploit (CVE-2013-3954) (by i0n1c)
- mach_msg_ool_descriptor_ts for heap shaping
- AMFID_code_signing_evasi0n7
- DeveloperDiskImage race condition (by comex)
- launchd.conf untether
Exploits which are used in order to jailbreak 7.x
This section is a stub; it is incomplete. Please add more content to this section and remove this tag.
evasi0n7 (7.0 / 7.0.1 / 7.0.2 / 7.0.3 / 7.0.4 / 7.0.5 / 7.0.6)
Geeksn0w (7.1 / 7.1.1 / 7.1.2)
- limera1n's bootrom exploit (Tethered jailbreak) on iPhone 4
Pangu (7.1 / 7.1.1 / 7.1.2)
- i0n1c's Infoleak vulnerability (Pangu v1.0.0)
- break_early_random (by i0n1c and Tarjei Mandt of Azimuth) (Pangu v1.1.0)
- LightSensor / ProxALSSensor kernel exploit (Pangu 1.0.0)
- TempSensor kernel exploit (Pangu 1.1.0)
- "syslogd chown" vulnerability
- enterprise certificate (no real exploit, used for initial "unsigned" code execution)
- "foo_extracted" symlink vulnerability (used to write to /var)
- /tmp/bigfile (a big file for improvement of the reliability of a race condition)
- VoIP backgrounding trick (used to auto restart the app)
- hidden segment attack
Exploits which are used in order to jailbreak 8.x
This section is a stub; it is incomplete. Please add more content to this section and remove this tag.
Pangu8 (8.0 / 8.0.1 / 8.0.2 / 8.1)
- an exploit for a bug in /usr/libexec/neagent (source @iH8sn0w)
- enterprise certificate (inside the IPA)
- a kind of dylib injection into a system process (see IPA)
- a dmg mount command (looks like the Developer DMG) (syslog while jailbreaking)
- a sandboxing problem in debugserver (CVE-2014-4457)
- the same/a similar kernel exploit as used in Pangu (CVE-2014-4461) (source @iH8sn0w)
- enable-dylibs-to-override-cache
- CVE-2014-4455
TaiG (8.0 / 8.0.1 / 8.0.2 / 8.1 / 8.1.1)
- LightSensor / ProxALSSensor kernel exploit (Also used in Pangu 1.0.0)
- DeveloperDiskImage race condition (by comex) (source: https://twitter.com/iH8sn0w/status/538602532088860672; also used in p0sixspwn)
- enable-dylibs-to-override-cache (Also used in Pangu8)
- a kind of dylib injection into a system process (see IPA) (Also used in Pangu8 but tweaked slightly)
