Malformed PairRequest

From The iPhone Wiki
Revision as of 15:16, 6 October 2013 by Cykey (talk | contribs) (Explained the crash a bit)
Jump to: navigation, search

By sending lockdownd a malformed property list for the PairRequest command causes lockdownd to crash and restart. This is probably non-exploitable, but it is used in the Timezone Vulnerability to restart lockdownd to change file permissions.

Normally, lockdownd expects data (NSData) to be sent as the PairRequest. However, evasi0n sends a boolean (NSNumber) which causes lockdownd to crash with an Objective-C unrecognized selector error.


Usage

Credits

See Also

References