Evasi0n Jailbreak’s Userland Component | Accuvant LABS Blog

The iOS 6 jailbreak is out, and most people simply install it and click through, but how exactly does it work? The linked Accuvant LABS post is a thorough technical explanation of how the exploit chain works, and fascinating reading. The popularity of jailbreaking clearly indicates that people want to do more with their devices than they are allowed to.

“Evasi0n is interesting because it escalates privileges and has full access to the system partition all without any memory corruption. It does this by exploiting the /var/db/timezone vulnerability to gain access to the root user’s launchd socket. It then abuses launchd to load MobileFileIntegrity with an inserted codeless library, which is overriding MISValidateSignature to always return 0.”
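
The last step of that quote, the inserted library shadowing MISValidateSignature so that it always returns 0, is easy to model in a single process. The following C program is an added example written for this post; it is not evasi0n's code and not Apple's. It plays MobileFileIntegrity as a loader that asks a validator whether a binary's signature is valid and treats a return value of 0 as "valid", exactly the convention the override abuses. The genuine validator really checks a (deliberately trivial, keyed FNV-1a) signature; the "inserted codeless library" is modelled as a stub that ignores its inputs and always returns 0, and the launchd side of the attack is reduced to a flag that selects which of the two satisfies the symbol. The signing scheme, every function name other than MISValidateSignature, and the sample "binaries" are constructed for this demonstration.

```c
/* Added example (not evasi0n's or Apple's code): a toy model of a loader that
 * trusts "MISValidateSignature() == 0" as proof that a binary is validly signed,
 * and of what happens when another library is allowed to satisfy that symbol.
 * The signature scheme, the sample binaries and all names except
 * MISValidateSignature are constructed for this demo. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int (*validate_fn)(const uint8_t *bin, size_t len, uint32_t sig);

/* Toy code signature: FNV-1a over the binary, keyed with a signer secret.
 * Stands in for the real signature check; not a real signing scheme. */
static const uint32_t SIGNER_SECRET = 0x5EC0DE5Eu;

static uint32_t toy_sign(const uint8_t *bin, size_t len) {
    uint32_t h = 0x811C9DC5u ^ SIGNER_SECRET;
    for (size_t i = 0; i < len; i++) {
        h ^= bin[i];
        h *= 0x01000193u;
    }
    return h;
}

/* Genuine validator: 0 = signature valid, -1 = rejected. */
static int genuine_MISValidateSignature(const uint8_t *bin, size_t len, uint32_t sig) {
    return toy_sign(bin, len) == sig ? 0 : -1;
}

/* The inserted library's replacement: no checking at all, always "valid". */
static int stub_MISValidateSignature(const uint8_t *bin, size_t len, uint32_t sig) {
    (void)bin; (void)len; (void)sig;
    return 0;
}

/* Symbol resolution reduced to a choice: if the daemon was started with the
 * inserted library, its MISValidateSignature shadows the genuine one. */
static validate_fn resolve_MISValidateSignature(int inserted_library_loaded) {
    return inserted_library_loaded ? stub_MISValidateSignature
                                   : genuine_MISValidateSignature;
}

/* MobileFileIntegrity stand-in: 1 = execution allowed, 0 = refused. */
static int mfi_allow_exec(const uint8_t *bin, size_t len, uint32_t sig,
                          int inserted_library_loaded) {
    validate_fn validate = resolve_MISValidateSignature(inserted_library_loaded);
    return validate(bin, len, sig) == 0;
}

/* Constructed sample "binaries" (just labelled byte strings). */
static const uint8_t VENDOR_BIN[]   = "bin:vendor-signed-daemon";
static const uint8_t UNSIGNED_BIN[] = "bin:unsigned-third-party";
#define BIN_LEN(b) (sizeof(b) - 1)

/* Four scenarios; each returns whether the loader allowed the binary. */
int allow_signed_genuine(void) {
    return mfi_allow_exec(VENDOR_BIN, BIN_LEN(VENDOR_BIN),
                          toy_sign(VENDOR_BIN, BIN_LEN(VENDOR_BIN)), 0);
}
int allow_tampered_genuine(void) {
    uint8_t patched[BIN_LEN(VENDOR_BIN)];
    memcpy(patched, VENDOR_BIN, sizeof patched);
    patched[4] ^= 0x01;                       /* one-byte patch, old signature */
    return mfi_allow_exec(patched, sizeof patched,
                          toy_sign(VENDOR_BIN, BIN_LEN(VENDOR_BIN)), 0);
}
int allow_unsigned_genuine(void) {
    return mfi_allow_exec(UNSIGNED_BIN, BIN_LEN(UNSIGNED_BIN), 0, 0);
}
int allow_unsigned_with_inserted_library(void) {
    return mfi_allow_exec(UNSIGNED_BIN, BIN_LEN(UNSIGNED_BIN), 0, 1);
}

int main(void) {
    const char *v[] = { "refused", "allowed" };
    printf("signed binary,   genuine validator:  %s\n", v[allow_signed_genuine()]);
    printf("tampered binary, genuine validator:  %s\n", v[allow_tampered_genuine()]);
    printf("unsigned binary, genuine validator:  %s\n", v[allow_unsigned_genuine()]);
    printf("unsigned binary, inserted library:   %s\n", v[allow_unsigned_with_inserted_library()]);
    return 0;
}
```

With the genuine validator in place the loader refuses both the unsigned binary and a one-byte patch of the signed one, so the check itself is doing its job. The override does not defeat the signature check; it replaces the function the loader calls, and because the loader's only notion of "valid" is a zero status code, whoever controls which library satisfies the MISValidateSignature symbol controls every verdict. In the toy that control is a flag; in the real chain it is the launchd socket access described in the quote, which is why the privilege escalation and the library insertion belong together.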

Interesting quote from Forbes:

“According to David Wang, one of the evad3rs’ four developers, the program takes advantage of at least five distinct, new bugs in iOS’s code. (For reference, that’s one more than Stuxnet, the malware built by the NSA to destroy centrifuges in Iran’s nuclear enrichment facilities.)”

http://www.forbes.com/sites/andygreenberg/2013/02/05/inside-evasi0n-the-most-elaborate-jailbreak-to-ever-hack-your-iphone/
