The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.

Malformed PairRequest

From The iPhone Wiki
Revision as of 22:30, 30 December 2013 by Http (talk | contribs) (new Accuvant blog link (thanks Britta), here also missing)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

By sending lockdownd a malformed property list for the PairRequest command causes lockdownd to crash and restart. This is probably non-exploitable, but it is used in the Timezone Vulnerability to restart lockdownd to change file permissions.

Normally, lockdownd expects data (NSData) to be sent as the PairRequest. However, evasi0n sends a boolean (NSNumber) which causes lockdownd to crash with an Objective-C unrecognized selector error.


Usage

Credits

See Also

References

Retrieved from "https://www.theiphonewiki.com/w/index.php?title=Malformed_PairRequest&oldid=38424"