Help hackers to discover vulnerabilities in iOS 5.1


Pod2g of the Chronic Dev Team is asking the iOS community to help find vulnerabilities that can be used for an iOS 5.1 untethered jailbreak. The Chronic Dev Team previously built a tool that automatically collected crash reports, gathering more than 10 million of them. The collected data was not enough on its own: the team also needs to know how each crash can be reproduced.


“How can I help the jailbreak community?

To jailbreak a device, hackers need a set of exploitable vulnerabilities:

  • a code injection vector: a vulnerability in the core components of iOS that leads to custom, unsigned code execution.
  • a privilege escalation vulnerability: it’s usually not enough to have unsigned code execution. Nearly all iOS applications and services are sandboxed, so one often needs to escape from the jail to trigger the kernel exploit.
  • a kernel vulnerability: the kernel is the real target of the jailbreak payload. The jailbreak has to patch it to remove the signed code enforcement. Only the kernel can patch the kernel, that’s why a code execution vulnerability in the context of the kernel is needed.
  • an untethering vulnerability: when the device boots, it is unpatched, thus cannot run unsigned code. Thus, to start the jailbreak payload at boot time, a code execution vector either in the services bootstrap or in the loading of binaries is mandatory.

You can help if you can crash either a core application (Safari, Mail, etc…) or the kernel in a repeatable way. A kernel crash is easy to recognize as it reboots the device.

Important facts:
  • Always test on the latest iOS version before reporting a crash (at the time of writing, iOS 5.1)
  • Be sure to not report crashes to Apple: on your iOS device, go to Settings / General / About / Diagnostics & Usage, and verify that “Don’t Send” is checked.
  • Not all crashes are interesting: aborts, timeouts or out of memory kind of crashes are useless. Verify in the crash dump under Settings / General / About / Diagnostics & Usage / Diagnostic & Usage Data that the crash report you created is of Exception Type SIGILL, SIGBUS or SIGSEGV.
  • The crash should be repeatable, which means you should know what exact steps produced it and how to produce it on another device.”

The team is asking users to report crashes of core applications (such as Safari and Mail) or of the kernel that can be reproduced. A kernel crash is easy to recognize because it reboots the device. The Chronic Dev Team is specifically looking for repeatable crashes whose Exception Type is one of SIGILL, SIGBUS or SIGSEGV.

Individual crash reports can be viewed under Settings / General / About / Diagnostics & Usage / Diagnostic & Usage Data. Bugs in the iOS graphical interface are not interesting for this purpose, but a crash that reliably recurs after visiting a particular URL or opening a certain PDF file is. Send crash reports to iOS.pod2g@gmail.com.
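The filtering rules above (keep only SIGILL/SIGBUS/SIGSEGV faults, drop aborts, watchdog timeouts and out-of-memory kills, and retest on the latest iOS first) are easy to get wrong when sorting through a pile of crash logs by hand. The script below is an added example, not code from pod2g or the Chronic Dev Team: it parses the `Key: value` header of a crash log, pulls out the process, OS version and Exception Type, and applies the post's triage rules. The four sample reports are constructed for this example, and the assumption that the header follows the general `Key: value` shape of Apple crash logs is mine, not something the post states.

```python
"""Triage iOS crash reports the way the post asks contributors to.

Added example, not code from pod2g or the Chronic Dev Team. The sample
reports are constructed; their "Key: value" header layout follows the
general shape of Apple crash logs (an assumption, not taken from the post).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Signals the post names as worth reporting; everything else is noise.
INTERESTING_SIGNALS = {"SIGILL", "SIGBUS", "SIGSEGV"}
LATEST_IOS = "5.1"  # "at the time of writing" in the post

HEADER_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z/ ]*?):\s*(?P<value>.*)$")
SIGNAL_RE = re.compile(r"\((SIG[A-Z0-9]+)\)")
OS_RE = re.compile(r"iPhone OS (\d+(?:\.\d+)*)")


@dataclass
class CrashReport:
    process: str
    os_version: Optional[str]
    exception_type: str
    signal: Optional[str]
    crashed_thread: Optional[str]


def parse_report(text: str) -> CrashReport:
    """Pull the header fields the triage needs out of a 'Key: value' crash log."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m and m.group("key") not in fields:  # first occurrence wins
            fields[m.group("key")] = m.group("value").strip()
    exc = fields.get("Exception Type", "")
    sig = SIGNAL_RE.search(exc)
    osm = OS_RE.search(fields.get("OS Version", ""))
    return CrashReport(
        process=fields.get("Process", "?").split(" [")[0],  # drop the "[pid]"
        os_version=osm.group(1) if osm else None,
        exception_type=exc,
        signal=sig.group(1) if sig else None,
        crashed_thread=fields.get("Crashed Thread"),
    )


def triage(report: CrashReport, latest: str = LATEST_IOS) -> Tuple[bool, List[str]]:
    """Return (worth_reporting, reasons); an empty reasons list means it passes."""
    reasons: List[str] = []
    if report.signal is None:
        # Watchdog timeouts and low-memory kills carry no POSIX signal name.
        reasons.append(f"no signal in Exception Type {report.exception_type!r}")
    elif report.signal not in INTERESTING_SIGNALS:
        reasons.append(f"{report.signal} is an abort-style crash, not a memory fault")
    if report.os_version != latest:
        reasons.append(f"reproduce on iOS {latest} first (report is from {report.os_version})")
    return (not reasons, reasons)


def triage_all(reports: Dict[str, str]) -> Dict[str, Tuple[bool, List[str]]]:
    return {name: triage(parse_report(text)) for name, text in reports.items()}


# Constructed sample reports (header only; the thread backtraces are omitted).
SAMPLE_REPORTS = {
    "safari_segv": (
        "Process:         MobileSafari [2131]\n"
        "Path:            /Applications/MobileSafari.app/MobileSafari\n"
        "Date/Time:       2012-03-10 12:00:00.000 +0100\n"
        "OS Version:      iPhone OS 5.1 (9B176)\n"
        "Exception Type:  EXC_BAD_ACCESS (SIGSEGV)\n"
        "Exception Codes: KERN_INVALID_ADDRESS at 0x00000000\n"
        "Crashed Thread:  0\n"
    ),
    "mail_abort": (
        "Process:         MobileMail [412]\n"
        "OS Version:      iPhone OS 5.1 (9B176)\n"
        "Exception Type:  EXC_CRASH (SIGABRT)\n"
        "Crashed Thread:  0\n"
    ),
    "springboard_timeout": (
        "Process:         SpringBoard [30]\n"
        "OS Version:      iPhone OS 5.1 (9B176)\n"
        "Exception Type:  00000020\n"
        "Exception Codes: 0x8badf00d\n"
    ),
    "safari_old_ios": (
        "Process:         MobileSafari [1804]\n"
        "OS Version:      iPhone OS 5.0.1 (9A405)\n"
        "Exception Type:  EXC_BAD_ACCESS (SIGBUS)\n"
        "Crashed Thread:  5\n"
    ),
}

if __name__ == "__main__":
    for name, (ok, reasons) in triage_all(SAMPLE_REPORTS).items():
        print(f"{name}: {'REPORT' if ok else 'skip'} {'; '.join(reasons)}")
```

Only the first sample survives: the abort and the watchdog timeout are dropped outright, and the SIGBUS on iOS 5.0.1 is held back until it has been reproduced on 5.1, which is exactly the order of checks the post asks for.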
