The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Talk:Evasi0n"
(→Vulnerability Names) |
(→Vulnerability Names: mention name change and adjust links) |
||
Line 20: | Line 20: | ||
: Looks good! --[[User:Haifisch|Haifisch]] ([[User talk:Haifisch|talk]]) 04:19, 15 February 2013 (UTC) |
: Looks good! --[[User:Haifisch|Haifisch]] ([[User talk:Haifisch|talk]]) 04:19, 15 February 2013 (UTC) |
||
− | : Now I've listed eleven vulnerabilities/exploits/techniques, but [http://www.forbes.com/sites/andygreenberg/2013/02/25/apple-is-beta-testing-a-fix-for-evasi0n-jailbreak/ Forbes citing planetbeing talk about "five distinct bugs in iOS"] and [http://news.softpedia.com/news/Softpedia-Exclusive-Interview-Dhillon-Kannabhiran-CEO-and-Founder-of-HITB-331914.shtml Softpedia interview with Dhillon talking about evasi0n] talk about 8 vulnerabilities. Additionally [[i0n1c]] mentions a [[Timezone Flaw]], so I'm not sure if that is the [[Malformed PairRequest]] or another one. He also mentioned the [[Overlapping Segment Attack]] and later confirmed it's an additional one (added now). Quite confusing, especially as I'm far away from fully understanding the [[evasi0n]] code. --[[User:Http|http]] ([[User talk:Http|talk]]) 22:50, 25 February 2013 (UTC) |
+ | : Now I've listed eleven vulnerabilities/exploits/techniques, but [http://www.forbes.com/sites/andygreenberg/2013/02/25/apple-is-beta-testing-a-fix-for-evasi0n-jailbreak/ Forbes citing planetbeing talk about "five distinct bugs in iOS"] and [http://news.softpedia.com/news/Softpedia-Exclusive-Interview-Dhillon-Kannabhiran-CEO-and-Founder-of-HITB-331914.shtml Softpedia interview with Dhillon talking about evasi0n] talk about 8 vulnerabilities. Additionally [[i0n1c]] mentions a [[Timezone Vulnerability|Timezone Flaw]], so I'm not sure if that is the [[Timezone Vulnerability|Malformed PairRequest]] or another one. He also mentioned the [[Overlapping Segment Attack]] and later confirmed it's an additional one (added now). Quite confusing, especially as I'm far away from fully understanding the [[evasi0n]] code. --[[User:Http|http]] ([[User talk:Http|talk]]) 22:50, 25 February 2013 (UTC) |
:: On the post that was confirming one is patched it said one of five. If this is the case how come we have about 10 listed? --[[User:Adaminsull|adaminsull]] ([[User talk:Adaminsull|talk]]) 00:38, 26 February 2013 (UTC) |
:: On the post that was confirming one is patched it said one of five. If this is the case how come we have about 10 listed? --[[User:Adaminsull|adaminsull]] ([[User talk:Adaminsull|talk]]) 00:38, 26 February 2013 (UTC) |
||
::: Because, doesnt Evasi0n use 10 vulnerabilities? There may be less in the Cydia package one then there is with the computer sided one --[[User:Haifisch|Haifisch]] ([[User talk:Haifisch|talk]]) 00:40, 26 February 2013 (UTC) |
::: Because, doesnt Evasi0n use 10 vulnerabilities? There may be less in the Cydia package one then there is with the computer sided one --[[User:Haifisch|Haifisch]] ([[User talk:Haifisch|talk]]) 00:40, 26 February 2013 (UTC) |
||
+ | |||
+ | Update: From the HITB talk, I now seem to understand that the permission change comes from the timezone vulnerability. I've changed the name. --[[User:Http|http]] ([[User talk:Http|talk]]) 08:46, 15 April 2013 (UTC) |
||
== Cydia package == |
== Cydia package == |
Revision as of 08:46, 15 April 2013
Downloads.
Can we delete the downloads and make a version table? Download table is not needed really. --adaminsull (talk) 23:22, 8 February 2013 (UTC)
- I had the same idea earlier and thought we don't need the links, because they are all on their homepage. But now, the old links are nowhere else visible. Not sure if they are important though. --http (talk) 23:48, 8 February 2013 (UTC)
- Is it ok for me to delete them and I'll do the table for versions too? --adaminsull (talk) 23:55, 8 February 2013 (UTC)
- I think it'd be better just to add a 'changelog' column to the current downloads table. --Srb21103 (talk) 00:02, 9 February 2013 (UTC)
- There is totally no point in downloads here. We don't have it for redsn0w etc. --adaminsull (talk) 00:08, 9 February 2013 (UTC)
- Wait until we get some more response. --5urd (talk) 00:32, 9 February 2013 (UTC)
- I think it'd be better just to add a 'changelog' column to the current downloads table. --Srb21103 (talk) 00:02, 9 February 2013 (UTC)
- The Mega links still work... --5urd (talk) 00:32, 9 February 2013 (UTC)
- There is still no point in it. For now I will do the changelog table and see what others think. --adaminsull (talk) 00:37, 9 February 2013 (UTC)
- I will just delete all because like we say, they are all useless. You could always google the link if ever needed. --adaminsull (talk) 12:36, 9 February 2013 (UTC)
- There is still no point in it. For now I will do the changelog table and see what others think. --adaminsull (talk) 00:37, 9 February 2013 (UTC)
- For archiving purposes, I usually like having access to older versions of everything. (I probably wouldn't use it though…) However, their usefulness is questionable at best, so it wouldn't really be problematic to remove them. We could purge all of the links for old versions except the Mega links, and move those Mega links below the table or something. --Dialexio (talk) 02:39, 9 February 2013 (UTC)
- Is it ok for me to delete them and I'll do the table for versions too? --adaminsull (talk) 23:55, 8 February 2013 (UTC)
Vulnerability Names
Now that we have full analysis, I've tried to give some names to the used vulnerabilities, exploits, techniques. Would you agree with the names before we start creating the pages? Anything missing? Something wrong? --http (talk) 01:24, 15 February 2013 (UTC)
- Now I've listed eleven vulnerabilities/exploits/techniques, but Forbes citing planetbeing talk about "five distinct bugs in iOS" and Softpedia interview with Dhillon talking about evasi0n talk about 8 vulnerabilities. Additionally i0n1c mentions a Timezone Flaw, so I'm not sure if that is the Malformed PairRequest or another one. He also mentioned the Overlapping Segment Attack and later confirmed it's an additional one (added now). Quite confusing, especially as I'm far away from fully understanding the evasi0n code. --http (talk) 22:50, 25 February 2013 (UTC)
- On the post that was confirming one is patched it said one of five. If this is the case how come we have about 10 listed? --adaminsull (talk) 00:38, 26 February 2013 (UTC)
Update: From the HITB talk, I now seem to understand that the permission change comes from the timezone vulnerability. I've changed the name. --http (talk) 08:46, 15 April 2013 (UTC)
Cydia package
I assume it also edit the launchd config file too, anyone agree so i may add it? --Haifisch (talk) 02:50, 25 February 2013 (UTC)