Sandbox

Apple's software-based mandatory access control, introduced in iOS 2.0. It is a higher-level layer on top of XNU's implementation of the TrustedBSD MAC framework.

Problems

 * In addition to the new set of frameworks in 2.0, applications had to be modified to work with the new sandbox.
 * For applications to run, they need to have a folder called _Codesign containing a file called CodeResources.
 * If a userland exploit was discovered in an App Store app, the CodeResources file would become invalid as soon as a file was injected into the app.
 * The checks are not as strict on the applications built into the firmware (only version.plist is checked, to prevent a soft upgrade).
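As an added example (not code from this article or from Apple), the following is a defender-side check of the seal the bullets above describe: it walks an app bundle, compares each file's SHA-1 against the `files` dictionary in CodeResources, and reports sealed files whose hash changed and files the seal never listed, which is why an injected file invalidates the seal. The manifest path `_CodeSignature/CodeResources` and the constructed sample bundle are assumptions; Apple's real seal also carries `rules` and a `files2` dictionary that this check does not look at.

```python
import hashlib
import os
import plistlib
import tempfile

MANIFEST = "_CodeSignature/CodeResources"  # real seal path; the article calls the folder _Codesign

def check_seal(bundle_dir):
    """Compare the bundle's files with the 'files' seal in CodeResources. Returns
    (modified, unlisted): sealed paths whose SHA-1 changed, and paths never sealed."""
    with open(os.path.join(bundle_dir, MANIFEST), "rb") as f:
        sealed = plistlib.load(f)["files"]
    modified, unlisted = [], []
    for root, _, names in os.walk(bundle_dir):
        for name in names:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, bundle_dir).replace(os.sep, "/")
            if rel.startswith("_CodeSignature/"):
                continue  # the seal itself is protected by the outer code signature
            entry = sealed.get(rel)
            if entry is None:
                unlisted.append(rel)  # e.g. a file dropped in after signing
                continue
            expected = entry["hash"] if isinstance(entry, dict) else entry  # dict form = optional
            with open(full, "rb") as f:
                if hashlib.sha1(f.read()).digest() != expected:
                    modified.append(rel)
    return sorted(modified), sorted(unlisted)

def make_bundle(resources):
    """Constructed sample: write {relpath: bytes} into a temp .app and seal them."""
    bundle = tempfile.mkdtemp(suffix=".app")
    for rel, data in resources.items():
        os.makedirs(os.path.dirname(os.path.join(bundle, rel)), exist_ok=True)
        with open(os.path.join(bundle, rel), "wb") as f:
            f.write(data)
    os.makedirs(os.path.join(bundle, "_CodeSignature"))
    files = {r: hashlib.sha1(d).digest() for r, d in resources.items()}
    with open(os.path.join(bundle, MANIFEST), "wb") as f:
        plistlib.dump({"files": files}, f)
    return bundle

def demo():
    bundle = make_bundle({"Assets/icon.png": b"\x89PNG", "en.lproj/Main.strings": b'"hi" = "hi";'})
    clean = check_seal(bundle)  # ([], [])
    with open(os.path.join(bundle, "injected.txt"), "wb") as f:  # never listed in the seal
        f.write(b"x")
    with open(os.path.join(bundle, "en.lproj/Main.strings"), "wb") as f:  # alter a sealed file
        f.write(b'"hi" = "changed";')
    return clean, check_seal(bundle)  # (['en.lproj/Main.strings'], ['injected.txt'])
```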

Exploits

This reliance on the CodeResources file is what the Incomplete Codesign Exploit takes advantage of.

More Info

 * Seatbelt article on iPhoneDevWiki
 * Apple's articles about App Sandboxing for developers