Difference between revisions of "Star"

From The iPhone Wiki
Jump to: navigation, search
m (Star's exploits are no longer "unknown.")
Line 1: Line 1:
 
[[Image:Star.jpg|thumb|Star on an [[N72ap|iPod touch 2G]].]]
 
[[Image:Star.jpg|thumb|Star on an [[N72ap|iPod touch 2G]].]]
Star is a userland [[jailbreak]] from [[User:Comex|comex]] that utilizes three exploits (two new exploits, and one from [[Spirit]]) to jailbreak iOS 3.1.2 through 4.0.1 (except for 3.2.2). Star warns that 3.1.2 and 3.1.3 are known to fail on [[N18ap|iPod touch 3G]], and that performing a fresh restore to 4.0(.1) is recommended. It can be used via [[Jailbreakme]]. With the release of iOS 4.0.2 (and iOS 3.2.2 for [[K48ap|iPad]]s) on 11 August 2010, the vulnerabilities were fixed so that it doesn't work anymore.
+
Star is a userland [[jailbreak]] from [[User:Comex|comex]] that utilizes two new exploits to jailbreak iOS 3.1.2 through 4.0.1 (except for 3.2.2). Star warns that 3.1.2 and 3.1.3 are known to fail on [[N18ap|iPod touch 3G]], and that performing a fresh restore to 4.0(.1) is recommended. It can be used via [[Jailbreakme]]. With the release of iOS 4.0.2 (and iOS 3.2.2 for [[K48ap|iPad]]s) on 11 August 2010, the vulnerabilities were fixed so that it doesn't work anymore.
   
 
==Payloads==
 
==Payloads==
The first payload is deployed via a HTTP redirect to a PDF file. The PDF contains a CFF font with a malformed type 2 charstring, which contains commands to repeatedly push and duplicate random numbers onto an "argument stack". Presumably this crashes the font parser.
+
The first payload is deployed via a HTTP redirect to a PDF file. The PDF contains a CFF font with a malformed type 2 charstring, which contains commands to repeatedly push and duplicate random numbers onto an "argument stack". This allows arbitrary code execution due to stack overflow in CFF parser inside FreeType 2 library used by iPhone.
   
The second payload use an integer overflow in IOSurface.framework to get root access and privileges in order to jailbreak.[http://support.apple.com/kb/HT4291]
+
The second payload (wab.bin) use an integer overflow in IOSurface.framework to get root access and privileges in order to jailbreak.[http://support.apple.com/kb/HT4291]
   
 
==PDF Patch==
 
==PDF Patch==

Revision as of 13:07, 1 September 2010

Star on an iPod touch 2G.

Star is a userland jailbreak from comex that utilizes two new exploits to jailbreak iOS 3.1.2 through 4.0.1 (except for 3.2.2). Star warns that 3.1.2 and 3.1.3 are known to fail on iPod touch 3G, and that performing a fresh restore to 4.0(.1) is recommended. It can be used via Jailbreakme. With the release of iOS 4.0.2 (and iOS 3.2.2 for iPads) on 11 August 2010, the vulnerabilities were fixed so that it doesn't work anymore.

Payloads

The first payload is deployed via a HTTP redirect to a PDF file. The PDF contains a CFF font with a malformed type 2 charstring, which contains commands to repeatedly push and duplicate random numbers onto an "argument stack". This allows arbitrary code execution due to stack overflow in CFF parser inside FreeType 2 library used by iPhone.

The second payload (wab.bin) use an integer overflow in IOSurface.framework to get root access and privileges in order to jailbreak.[1]

PDF Patch

Because this jailbreak revealed a new security hole, malicious people could also make use of this. Therefore it is recommended to install the patch saurik put onto Cydia, to keep your device safe.

Links