User:Aker

= Jailbreak Exploits =

Missing

 * UnthreadedJB

Exploits used to jailbreak different versions of iOS

 * limera1n's bootrom exploit + 0x24000 Segment Overflow (together for untethered jailbreak on iPhone 3GS with old bootrom)
 * limera1n's bootrom exploit (tethered jailbreak on iPhone 3GS with new bootrom, iPod touch 3G, iPad, iPhone 4 and iPod touch 4G)

Absinthe (5.0 on iPhone 4S only / 5.0.1 on iPad 2 and iPhone 4S)

 * Racoon String Format Overflow Exploit (used both for payload injection and untether)
 * HFS Heap Overflow

Corona Untether (5.0.1)

 * Racoon String Format Overflow Exploit
 * HFS Heap Overflow

Absinthe 2.0 and Rocky Racoon Untether (5.1.1)

 * a new Packet Filter Kernel Exploit (CVE-2012-3728)
 * Racoon DNS4/WINS4 table buffer overflow (CVE-2012-3727)

evasi0n (6.0 / 6.0.1 / 6.0.2 / 6.1 / 6.1.1 / 6.1.2)

 * Symbolic Link Vulnerability
 * Timezone Vulnerability
 * Shebang Trick
 * AMFID code signing evasion
 * launchd.conf untether
 * IOUSBDeviceFamily Vulnerability
 * ARM Exception Vector Info Leak
 * dynamic memmove locating
 * vm_map_copy_t corruption for arbitrary memory disclosure
 * kernel memory write via ROP gadget

p0sixspwn (6.1.3 / 6.1.4 / 6.1.5 / 6.1.6)

 * posix_spawn kernel information leak (by i0n1c)
 * posix_spawn kernel exploit (CVE-2013-3954) (by i0n1c)
 * mach_msg_ool_descriptor_ts for heap shaping
 * AMFID_code_signing_evasi0n7
 * DeveloperDiskImage race condition (by comex)
 * launchd.conf untether

evasi0n7 (7.0 / 7.0.1 / 7.0.2 / 7.0.3 / 7.0.4 / 7.0.5 / 7.0.6)

 * CVE-2013-5133
 * CVE-2014-1272
 * CVE-2014-1273
 * CVE-2014-1278
 * Symbolic Link Vulnerability

Geeksn0w (7.1 / 7.1.1 / 7.1.2)

 * limera1n's bootrom exploit (Tethered jailbreak) on iPhone 4

Pangu (7.1 / 7.1.1 / 7.1.2)

 * i0n1c's Infoleak vulnerability (Pangu v1.0.0)
 * break_early_random (by i0n1c and Tarjei Mandt of Azimuth) (Pangu v1.1.0)
 * LightSensor / ProxALSSensor kernel exploit (Pangu 1.0.0)
 * TempSensor kernel exploit (Pangu 1.1.0)
 * "syslogd chown" vulnerability
 * enterprise certificate (no real exploit, used for initial "unsigned" code execution)
 * "foo_extracted" symlink vulnerability (used to write to /var)
 * /tmp/bigfile (a big file for improvement of the reliability of a race condition)
 * VoIP backgrounding trick (used to auto restart the app)
 * hidden segment attack

Pangu8 (8.0 / 8.0.1 / 8.0.2 / 8.1)

 * an exploit for a bug in /usr/libexec/neagent (source @iH8sn0w)
 * enterprise certificate (inside the IPA)
 * a kind of dylib injection into a system process (see IPA)
 * a dmg mount command (looks like the Developer DMG) (syslog while jailbreaking)
 * a sandboxing problem in debugserver (CVE-2014-4457)
 * the same/a similar kernel exploit as used in Pangu (CVE-2014-4461) (source @iH8sn0w)
 * enable-dylibs-to-override-cache
 * CVE-2014-4455

TaiG (8.0 / 8.0.1 / 8.0.2 / 8.1 / 8.1.1)

 * LightSensor / ProxALSSensor kernel exploit (Also used in Pangu 1.0.0)
 * DeveloperDiskImage race condition (by comex) (source: https://twitter.com/iH8sn0w/status/538602532088860672; also used in p0sixspwn)
 * enable-dylibs-to-override-cache (Also used in Pangu8)
 * a kind of dylib injection into a system process (see IPA) (Also used in Pangu8 but tweaked slightly)