The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Symbolic Link Vulnerability"
(mention that it's patched) |
m (Please do not use the [1].) |
||
Line 1: | Line 1: | ||
By restoring files, directories and symlinks to the iOS device, the path is carefully checked, so that no write accesses outside of certain domains are possible. By creating a symlink that points to somewhere else, it is possible to overcome this limitation. |
By restoring files, directories and symlinks to the iOS device, the path is carefully checked, so that no write accesses outside of certain domains are possible. By creating a symlink that points to somewhere else, it is possible to overcome this limitation. |
||
− | This vulnerability has been |
+ | This vulnerability has been [https://twitter.com/iH8sn0w/status/412338808903192576 fixed] in iOS 7.1b2. |
== Usage in [[evasi0n]] jailbreak == |
== Usage in [[evasi0n]] jailbreak == |
Revision as of 16:37, 16 December 2013
By restoring files, directories and symlinks to the iOS device, the path is carefully checked, so that no write accesses outside of certain domains are possible. By creating a symlink that points to somewhere else, it is possible to overcome this limitation.
This vulnerability has been fixed in iOS 7.1b2.
Usage in evasi0n jailbreak
In the case of evasi0n, the following files, directories and symlinks are restored, all in the Media Domain:
- directory:
Media/
- directory:
Media/Recordings/
- symlink:
Media/Recordings/.haxx
pointing to/var/mobile
- directory:
Media/Recordings/.haxx/DemoApp.app/
- several files in
Media/Recordings/.haxx/DemoApp.app/
,Info.plist
,DemoApp
,Icon.png
,Icon@2x.png
,Icon-72.png
,Icon-72@2x.png
- file:
Media/Recordings/.haxx/Library/Caches/com.apple.mobile.installation.plist
This results in the following directory and file structure:
/var/mobile/Media/Recordings/ (folder) /var/mobile/Media/Recordings/.haxx (symlink) /var/mobile/DemoApp.app/Info.plist /var/mobile/DemoApp.app/DemoApp /var/mobile/DemoApp.app/Icon.png /var/mobile/DemoApp.app/Icon@2x.png /var/mobile/DemoApp.app/Icon-72.png /var/mobile/DemoApp.app/Icon-72@2x.png /var/mobile/Library/Caches/com.apple.mobile.installation.plist
See Also
- Timezone Vulnerability regarding CVE-2013-0979