Difference between revisions of "AT+XAPP Vulnerability"

From The iPhone Wiki
Edit summary: (Credits & Formatting)

Changed at line 3 of the page:

Previous revision:
== Credit ==
* '''vulnerability''': [http://twitter.com/sherif_hashim sherif_hashim], also discovered independently by [http://twitter.com/westbaer westbaer], also discovered independently by [[geohot]]
* '''exploitation''': [[iPhone Dev Team]]

This revision:
== Credit ==
* '''vulnerability''': [http://twitter.com/sherif_hashim sherif_hashim], also discovered by [http://twitter.com/westbaer westbaer], [[geohot]] and [http://twitter.com/oranav Oranav] (each one independently)
* '''exploitation''': [[iPhone Dev Team]]

Revision as of 20:55, 22 June 2010

Used as the injection vector for the current iPhone 3G and iPhone 3GS unlock payload, ultrasn0w 0.93. The vulnerability is present in all baseband versions up to and including 05.13.04.

There is a stack overflow in the handler for the AT+XAPP="..." command, which allows unsigned code execution on the X-Gold 608 baseband.

Passing a string argument of more than 52 characters triggers the overflow.
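
As an added illustration (not code from the wiki or from ultrasn0w, whose firmware-side handler is not shown here), the following C program shows how a hardened handler for AT+XAPP="..." bounds the argument before any byte reaches a fixed stack buffer, which is the defect class behind this overflow. The 52-character limit comes from the page; the function names, status codes, line-ending handling and the exact buffer size are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Maximum accepted argument length for AT+XAPP. The page states that an
   argument longer than 52 characters overflows the handler's stack buffer,
   so the fixed buffer below is sized for exactly that limit. (Assumption:
   the real firmware's buffer size is not documented on the page.) */
#define XAPP_MAX_ARG 52

/* Status codes (constructed names for this example). */
enum xapp_status {
    XAPP_OK = 0,          /* argument accepted and copied into out */
    XAPP_BAD_SYNTAX = 1,  /* line is not of the form AT+XAPP="..." */
    XAPP_TOO_LONG = 2     /* argument exceeds XAPP_MAX_ARG; rejected before copy */
};

/* Parse a single AT+XAPP="..." command line.
 *
 * The unsafe pattern behind a stack overflow of this kind is a fixed-size
 * stack buffer filled by an unbounded copy such as strcpy(buf, arg).
 * This hardened version measures the argument against the buffer size
 * before copying anything, and then copies with an explicit bound.
 *
 * out must have room for XAPP_MAX_ARG + 1 bytes. On success the quoted
 * argument (without quotes) is stored NUL-terminated in out. */
enum xapp_status xapp_parse(const char *line, char *out, size_t outsz)
{
    static const char prefix[] = "AT+XAPP=\"";
    const size_t plen = sizeof(prefix) - 1;
    const char *arg_start, *arg_end, *p;
    size_t arglen;

    if (line == NULL || out == NULL || outsz < XAPP_MAX_ARG + 1)
        return XAPP_BAD_SYNTAX;

    /* Command name plus opening quote; the page only shows the uppercase
       form, so that is what is matched here. */
    if (strncmp(line, prefix, plen) != 0)
        return XAPP_BAD_SYNTAX;

    arg_start = line + plen;
    arg_end = strchr(arg_start, '"');
    if (arg_end == NULL)
        return XAPP_BAD_SYNTAX;          /* no closing quote */

    /* Only a line terminator may follow the closing quote. */
    p = arg_end + 1;
    while (*p == '\r' || *p == '\n')
        p++;
    if (*p != '\0')
        return XAPP_BAD_SYNTAX;

    /* The length check happens BEFORE any byte reaches the stack buffer. */
    arglen = (size_t)(arg_end - arg_start);
    if (arglen > XAPP_MAX_ARG)
        return XAPP_TOO_LONG;

    memcpy(out, arg_start, arglen);      /* bounded: arglen <= XAPP_MAX_ARG */
    out[arglen] = '\0';
    return XAPP_OK;
}

/* Handle one line the way a command dispatcher would: returns the accepted
   argument length, or a negative status (-1 bad syntax, -2 too long). */
int xapp_handle(const char *line)
{
    char buf[XAPP_MAX_ARG + 1];          /* fixed stack buffer, as in the bug class */
    enum xapp_status st = xapp_parse(line, buf, sizeof buf);
    if (st != XAPP_OK)
        return -(int)st;
    return (int)strlen(buf);
}

int main(void)
{
    /* Constructed sample lines: a 52-character argument (accepted) and a
       53-character argument (rejected; an unbounded copy would overflow). */
    const char *ok_line =
        "AT+XAPP=\"0123456789012345678901234567890123456789012345678901\"\r\n";
    const char *long_line =
        "AT+XAPP=\"01234567890123456789012345678901234567890123456789012\"\r\n";
    printf("52 chars -> %d\n", xapp_handle(ok_line));
    printf("53 chars -> %d\n", xapp_handle(long_line));
    printf("no quote -> %d\n", xapp_handle("AT+XAPP=abc\r\n"));
    return 0;
}
```

The design point is that the bound is enforced on the measured length of the quoted argument, not discovered after the copy; a parser that copies first and checks afterwards has already corrupted the stack by the time it notices.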
The exploit was used by the iPhone Dev Team in ultrasn0w 0.93, which is able to unlock the 4.26.08, 5.11.07, 5.12.01 and 5.13.04 baseband firmwares.

Category: Baseband Exploits