Linked by Thom Holwerda on Sat 9th Feb 2013 01:01 UTC
Apple "Over the last half a week, Apple has been hit with the largest mass-hacking incident in its history. And the perpetrators were the company's own users. Nearly seven million iPhone, iPad and iPod touch owners have cracked Apple's restrictions on their devices using the jailbreaking tool Evasi0n since the tool was released Monday morning, according to the latest count from Jay Freeman, the administrator of the app store for jailbroken devices known as Cydia. That makes the iOS-hacking app the fastest-adopted jailbreak software of all time, Freeman says." Because, of course, only nerds and geeks jailbreak. There's also a technical analysis of the jailbreak.
Brilliant Stuff
by Alfman on Sat 9th Feb 2013 04:16 UTC

"By clever usage of a codeless dynamic library, existing valid methods (such as CFEqual()) can be re-exported as different methods with the same method signature, such that MISValidateSignature will always return 0, allowing any unsigned binary to run."

By remapping security functions to other functions, they were able to override the security checks and consequently validate the un-jailed binaries. The brilliant part of the exploit is that it used Apple's pre-existing signed code (referred to as the TEXT section) and didn't have to inject unauthorized code.

I'm impressed with this work, but at the same time I wonder why Apple's code validator only validated the TEXT section of the binary? It seems like an unnecessarily insecure way to validate code. Am I missing something?

Reply Score: 3
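The symbol-aliasing trick the quoted analysis describes, as an added example that is not code from evasi0n, Apple, or the commenter above. It is a plain-C simulation of dynamic symbol resolution: a flat "loader" with an export table, a stand-in validator whose 0 return means "valid", a stand-in CFEqual() with the same two-argument signature, and a codeless image whose only content is an export entry saying the name MISValidateSignature re-exports CFEqual. All image names, the "signed:<name>" signature rule, the "last loaded exporter wins" lookup and the `reject_codeless` hardening switch are constructed for illustration (evasi0n placed its dylib at the real library's path rather than relying on load order, and the hardened mode is one illustrative countermeasure, not a description of Apple's actual fix).

```c
#include <stdio.h>
#include <string.h>

/* Both functions share one C signature: (const void *, const void *) -> int.
 * That shared shape is what lets one be exported under the other's name. */
typedef int (*two_arg_fn)(const void *a, const void *b);

/* Stand-in for the real validator: returns 0 only when the signature checks out.
 * Constructed rule: a valid signature is the literal "signed:" + binary name. */
static int real_validate_signature(const void *binary, const void *sig) {
    char expected[64];
    snprintf(expected, sizeof expected, "signed:%s", (const char *)binary);
    return strcmp(expected, (const char *)sig) == 0 ? 0 : 1;
}

/* Stand-in for CFEqual(): nonzero when both arguments are equal, 0 otherwise.
 * A binary and its signature are never equal, so through the alias it returns
 * 0, which the caller reads as "signature valid". */
static int cf_equal(const void *a, const void *b) {
    return strcmp((const char *)a, (const char *)b) == 0;
}

#define MAX_SYMS 2
#define MAX_IMAGES 4

/* An exported symbol either carries its own address or re-exports another name. */
struct symbol { const char *name; two_arg_fn addr; const char *reexport_of; };

struct image {
    const char *path;
    int has_signed_text;          /* 0 for a codeless dylib: nothing to verify */
    struct symbol syms[MAX_SYMS];
    int nsyms;
};

struct loader {
    struct image imgs[MAX_IMAGES];
    int nimgs;
    int reject_codeless;          /* hardened mode: refuse images with no verified code */
};

static int load_image(struct loader *l, const struct image *img) {
    if (l->reject_codeless && !img->has_signed_text) return -1;
    if (l->nimgs >= MAX_IMAGES) return -1;
    l->imgs[l->nimgs++] = *img;
    return 0;
}

/* Flat-namespace lookup: the most recently loaded exporter of a name wins, and a
 * re-export is followed by resolving the target name through the same loader. */
static two_arg_fn resolve(const struct loader *l, const char *name, int depth) {
    if (depth > 4) return NULL;   /* guard against a re-export cycle */
    for (int i = l->nimgs - 1; i >= 0; i--)
        for (int j = 0; j < l->imgs[i].nsyms; j++) {
            const struct symbol *s = &l->imgs[i].syms[j];
            if (strcmp(s->name, name) != 0) continue;
            return s->addr ? s->addr : resolve(l, s->reexport_of, depth + 1);
        }
    return NULL;
}

/* The check as the quoted analysis describes it: the binary may run iff the
 * symbol named MISValidateSignature returns 0. */
static int binary_allowed(const struct loader *l, const char *binary, const char *sig) {
    two_arg_fn validate = resolve(l, "MISValidateSignature", 0);
    return validate != NULL && validate(binary, sig) == 0;
}

/* Load CoreFoundation, the real libmis, then the codeless alias library
 * (all constructed), and ask whether the given binary would be allowed to run. */
static int run_scenario(int reject_codeless, const char *binary, const char *sig) {
    struct loader l = { .nimgs = 0, .reject_codeless = reject_codeless };
    struct image core_foundation = { "CoreFoundation", 1,
        { { "CFEqual", cf_equal, NULL } }, 1 };
    struct image libmis = { "libmis.dylib", 1,
        { { "MISValidateSignature", real_validate_signature, NULL } }, 1 };
    /* No code of its own: only an export table saying that the name
     * MISValidateSignature is really CFEqual from another image. */
    struct image alias_lib = { "codeless alias dylib", 0,
        { { "MISValidateSignature", NULL, "CFEqual" } }, 1 };
    load_image(&l, &core_foundation);
    load_image(&l, &libmis);
    load_image(&l, &alias_lib);           /* rejected only in hardened mode */
    return binary_allowed(&l, binary, sig);
}

int main(void) {
    printf("lenient loader, unsigned binary: %s\n",
           run_scenario(0, "evil", "garbage") ? "ALLOWED" : "blocked");
    printf("strict loader,  unsigned binary: %s\n",
           run_scenario(1, "evil", "garbage") ? "ALLOWED" : "blocked");
    printf("strict loader,  signed binary:   %s\n",
           run_scenario(1, "app", "signed:app") ? "ALLOWED" : "blocked");
    return 0;
}
```

The point the simulation makes is that nothing here injects code: the alias image contains no instructions at all, so a validator that only inspects code bytes has nothing to reject, yet every signature check now lands in a comparison routine that returns 0 for any mismatched pair. Once the loader refuses to honour exports from an image with no verifiable code (`reject_codeless`), the name resolves back to the genuine validator and the unsigned binary is blocked while the properly signed one still runs.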