
Evasi0n Jailbreak’s Userland Component

Posted on February 5th, 2013 at 8:37 by John Sinteur in category: Apple


Evasi0n is interesting because it escalates privileges and gains full access to the system partition without any memory corruption. It does this by exploiting the /var/db/timezone vulnerability to gain access to the root user's launchd socket. It then abuses launchd to load MobileFileIntegrity with an inserted codeless library that overrides MISValidateSignature so that it always returns 0.
