limera1n, the untethered jailbreak from geohot, uses the second known vulnerability in the bootrom of all current iOS devices. Earlier this September, Dev Team members pod2g and posixninja found and partially documented the first known bootrom vulnerability in Apple A4 devices. Apple is now aware of two vulnerabilities, and both will most likely be closed only with the next hardware revision of the devices.
The point is that the bootrom (or SecureROM) is a small loader that runs as soon as an iPhone or iPad is powered on. The bootrom is usually held in read-only NAND (flash memory) that is written at the factory during manufacture. No subsequent iOS update touches this region of memory: the bootrom can only be updated with a new hardware revision of the device. That is why every vulnerability found in this code is strategically important.
When the bootrom finishes, it passes control to the iBoot loader. iBoot is the second-stage bootloader; its job is to partially initialize the device, load the iOS kernel, and hand control to it. iBoot is easily replaced by an iOS update, so every vulnerability found in it is only temporary.
The whole iOS boot chain looks roughly like this: bootrom -> iBoot -> iOS
A persistent bootrom vulnerability is always a guarantee that, sooner or later, a jailbreak will appear. Vulnerabilities in iBoot or iOS are unreliable, since Apple closes them with an iOS update. Moreover, a jailbreak that works through an iBoot vulnerability is usually tethered, i.e. after a reboot the device has to be jailbroken again.
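The chain of trust described above, as an added example that is not from the original post: a small Python model in which each stage verifies the next image's signature before handing over control. HMAC-SHA256 with a constructed key stands in for the RSA signature check the real bootrom performs, and the stage names, images and the `Stage`/`boot`/`apply_update` helpers are made up for this model. What it shows is why the two kinds of vulnerability differ in lifetime: a vendor-signed update can replace iBoot or the kernel, while the ROM stage is fixed at manufacture and a modified iBoot is rejected again on every boot.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for the vendor's signing key. The real bootrom holds a
# public key and images carry RSA signatures; HMAC-SHA256 is used here only so
# the model runs with the standard library.
VENDOR_KEY = b"constructed-vendor-signing-key"


def sign(image: bytes) -> bytes:
    """Vendor signs a stage image (HMAC as a stand-in for an RSA signature)."""
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()


@dataclass
class Stage:
    name: str
    image: bytes
    signature: bytes
    updatable: bool  # False for ROM written at the factory, True for flash-resident stages


def signature_ok(stage: Stage) -> bool:
    return hmac.compare_digest(sign(stage.image), stage.signature)


def boot(chain):
    """Walk the chain in order; stage i runs only after stage i-1 has verified it."""
    log = [f"{chain[0].name}: runs from ROM, trusted by the hardware itself"]
    for prev, nxt in zip(chain, chain[1:]):
        if not signature_ok(nxt):
            log.append(f"{prev.name}: rejected {nxt.name} (bad signature), boot halted")
            return False, log
        log.append(f"{prev.name} -> {nxt.name}: signature OK, handing over control")
    return True, log


def apply_update(chain, name: str, new_image: bytes):
    """Model an iOS update: replace one stage with a new, vendor-signed image.
    Only flash-resident stages can be replaced; the ROM stage cannot."""
    for i, stage in enumerate(chain):
        if stage.name == name:
            if not stage.updatable:
                raise PermissionError(f"{name} is in ROM; a software update cannot change it")
            chain[i] = Stage(name, new_image, sign(new_image), True)
            return chain
    raise KeyError(name)


def build_chain():
    """Constructed bootrom -> iBoot -> kernel chain with vendor-signed images."""
    return [
        Stage("bootrom", b"bootrom-v1", sign(b"bootrom-v1"), updatable=False),
        Stage("iBoot", b"iboot-v1", sign(b"iboot-v1"), updatable=True),
        Stage("kernel", b"kernel-v1", sign(b"kernel-v1"), updatable=True),
    ]


def demo():
    results = {}
    chain = build_chain()
    results["clean_boot"] = boot(chain)[0]
    # iBoot modified without the vendor key: the bootrom rejects it on the next
    # boot, which is why changes at this stage do not survive a reboot.
    chain[1] = Stage("iBoot", b"iboot-modified", chain[1].signature, True)
    results["modified_iboot_boots"] = boot(chain)[0]
    # Vendor ships a fixed iBoot: the signed update replaces the stage.
    apply_update(chain, "iBoot", b"iboot-v2-fixed")
    results["patched_iboot_boots"] = boot(chain)[0]
    # The same fix for the bootrom is impossible without new hardware.
    try:
        apply_update(chain, "bootrom", b"bootrom-v2-fixed")
        results["bootrom_updated"] = True
    except PermissionError:
        results["bootrom_updated"] = False
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

`demo()` runs the four scenarios in order: a clean boot succeeds, an unsigned iBoot modification is refused by the bootrom, a vendor-signed iBoot update is accepted, and an attempt to update the bootrom stage fails because that code lives in ROM.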
If this topic is of interest, next time we can look at how jailbreak exploits actually work.