Sunday, April 7, 2013

How did Evasi0n manage to jailbreak iOS 6.1?

Evasi0n Jailbreak

There’s no shortage of excited people across the world right now, as the iOS 6.1 jailbreak continues to liberate more iPhones and iPads every second. At long last, after months of trying, users are once again able to fully appreciate iOS 6.1. Under the hood, this seemingly simple jailbreak has managed to locate an entirely new point of attack that allows users access to the rest of the operating system.
The jailbreak process is a battle between Apple and developers who are usually looking for exploits in their free time. Each version of iOS has offered a new challenge for these elite few, as Apple has fixed the exploit that was found in the previous version. This isn’t a bad thing, especially in cases where the vulnerability could be used by those with malicious intent to cause real harm to your iDevice. Unfortunately, we’ve reached a point where Apple has spent considerable time and money sealing up these exploits. The Evasi0n jailbreak is so impressive because it takes an entirely new approach to delivering an exploit that allows root access to iOS.
Many of the previous jailbreak techniques relied on a memory corruption process that escalated the user privileges from the normal user state to super user. Evasi0n doesn’t use this method, most likely because Apple’s recent anti-exploit work has removed this as a possible point of entry. Instead, an application is installed on the iPhone or iPad that takes advantage of the open nature of Apple’s backup files.
When you back up files on your iPhone or iPad, the backup can be applied to any other iDevice. This is a fantastic feature in the event that something happens to your iPad. You can buy a replacement piece of hardware and have all of your apps and data restored in minutes. It’s a killer tool that isn’t provided by any other mobile platform right now.
That also means that this data isn’t digitally signed, and the operating system relies on a super user to apply the backup and reboot your device. This provided Evasi0n with an entry point to inject the necessary files within the backup data. From here, an app is created that iOS treats as though it was part of the backup. This app modifies the rules that govern how iOS responds to external requests made by the computer you are currently connected to.
Then the app on your PC can deliver Cydia to the device so it can be installed once super user status has been permanently accessed. Alongside Cydia is a new configuration file that is injected into the filesystem. This file is activated when the iPhone or iPad reboots, which in turn runs Evasi0n during boot. This makes sure that, every time the device boots, you are granted super user status to do most of the things you find in Cydia.
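The weak point the two paragraphs above describe is that the restored backup data carries no signature, so the device has no way to tell files the user actually backed up from files that were added later on the computer. The following Python script is an added illustration of the missing control, not code from the post or from Evasi0n: it builds a manifest of a backup directory tree, signs it with an HMAC key (a constructed demo key stands in for a device-bound one), and then verifies the tree against the signed manifest. The `demo()` function constructs a small fake backup, shows a clean verification, then shows what the check reports after a file has been added and another modified, and finally what happens if someone edits the manifest to cover the added file. All file names and contents are made up for the example.

```python
"""Signed-manifest integrity check for a backup directory tree (constructed example)."""
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path


def _file_digest(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its digest.

    Symlinks are recorded by target rather than followed, so a link that is
    later retargeted shows up as a modification instead of being missed.
    """
    manifest = {}
    for p in sorted(root.rglob("*")):
        rel = p.relative_to(root).as_posix()
        if p.is_symlink():
            manifest[rel] = "symlink:" + os.readlink(p)
        elif p.is_file():
            manifest[rel] = _file_digest(p)
    return manifest


def sign_manifest(manifest: dict, key: bytes) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the manifest."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_backup(root: Path, manifest: dict, signature: str, key: bytes) -> list:
    """Return a list of findings; an empty list means the tree matches the signed manifest."""
    findings = []
    if not hmac.compare_digest(sign_manifest(manifest, key), signature):
        findings.append("manifest signature invalid")
        return findings  # nothing in the manifest can be trusted, stop here
    current = build_manifest(root)
    for rel in sorted(set(manifest) | set(current)):
        if rel not in current:
            findings.append(f"missing: {rel}")
        elif rel not in manifest:
            findings.append(f"unexpected file: {rel}")
        elif manifest[rel] != current[rel]:
            findings.append(f"modified: {rel}")
    return findings


def demo() -> dict:
    """Construct a fake backup, sign it, then tamper with it in two ways."""
    key = b"constructed-demo-key"  # placeholder; a real design would use a device-bound key
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Library").mkdir()
        (root / "Library" / "prefs.plist").write_bytes(b"<plist/>")
        (root / "Media").mkdir()
        (root / "Media" / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0")
        manifest = build_manifest(root)
        sig = sign_manifest(manifest, key)
        clean = verify_backup(root, manifest, sig, key)

        # Simulate an untrusted computer adding one file and changing another.
        (root / "Library" / "injected.plist").write_bytes(b"<plist>added</plist>")
        (root / "Library" / "prefs.plist").write_bytes(b"<plist>changed</plist>")
        tampered = verify_backup(root, manifest, sig, key)

        # Editing the manifest to cover the added file fails the signature check first.
        forged_manifest = dict(manifest)
        forged_manifest["Library/injected.plist"] = _file_digest(root / "Library" / "injected.plist")
        forged = verify_backup(root, forged_manifest, sig, key)
    return {"clean": clean, "tampered": tampered, "forged": forged}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "OK")
```

The point of the example is the order of checks: the signature is verified before the manifest is used for anything, so an attacker who can edit both the files and the manifest still cannot produce a clean result without the key. Whether the device would have the key to verify such a signature is exactly the design question the post's description of unsigned backups raises.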
Unlike many previous exploits, Evasi0n is something that can really only be done by the user. Since it requires interaction on both the computer and the iDevice, the only way this exploit could be used to maliciously jailbreak an iOS 6.1 device would be if there was malicious code running on your computer already. While many users will never know much more about this exploit than the simple series of buttons that you have to push in order to see your iPhone reboot with the Cydia app icon on your home screen, the efforts that went into providing this to users are an impressive testament to the dedicated team responsible for this jailbreak.
