Evasi0n
evasi0n is a jailbreak tool that can be used to jailbreak (untethered) iOS 6.0-6.1 on all supported devices, excluding the Apple TV 3G revisions. It was released on 4 February 2013 by the evad3rs, and is available for Windows, OS X, and Linux (x86 and x86_64). There is also a Cydia package called "evasi0n iOS 6.0-6.1 untether" which can untether an existing tethered jailbreak without the need to restore and use the desktop tool.

Supported Devices
As of evasi0n's release, the only unsupported devices are the Apple TV 3G revisions, since the kernels on these devices are still missing an injection vector to run unsigned code. All other devices on iOS 6.0-6.1.1 are supported (as well as iOS 5.2 for the Apple TV 2G).

Exploits
evasi0n takes advantage of at least five distinct new vulnerabilities:
 * Use of a symbolic link from the time zone file to a socket
 * Unix "shebang" trick
 * Change of launchd.conf for untethering
 * AMFID code-signing kernel changes
 * ASLR circumvention by using ARM exception vectors

Code
bsexec .. /sbin/mount -u -o rw,suid,dev /
setenv DYLD_INSERT_LIBRARIES /private/var/evasi0n/amfi.dylib
load /System/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist
bsexec .. /private/var/evasi0n/evasi0n
unsetenv DYLD_INSERT_LIBRARIES
bsexec .. /bin/rm -f /private/var/evasi0n/sock
bsexec .. /bin/ln -f /var/tmp/launchd/sock /private/var/evasi0n/sock
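As an added example (not part of this page or of the evad3rs' tools), a small Python audit that parses a launchd.conf like the one above and flags the directives that make up this untether pattern: the root filesystem remounted read-write, DYLD_INSERT_LIBRARIES set and still live when the MobileFileIntegrity daemon is loaded, and a binary executed from the data partition. The sample input is the page's launchd.conf embedded inline; the finding tags are names chosen here, not anything from launchd.

```python
import re

# Constructed sample input: the launchd.conf reproduced on this page, one directive per line.
EVASI0N_LAUNCHD_CONF = """\
bsexec .. /sbin/mount -u -o rw,suid,dev /
setenv DYLD_INSERT_LIBRARIES /private/var/evasi0n/amfi.dylib
load /System/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist
bsexec .. /private/var/evasi0n/evasi0n
unsetenv DYLD_INSERT_LIBRARIES
bsexec .. /bin/rm -f /private/var/evasi0n/sock
bsexec .. /bin/ln -f /var/tmp/launchd/sock /private/var/evasi0n/sock
"""

# Directories on the writable data partition; a stock launchd.conf never executes a program from here.
DATA_PARTITION_PREFIXES = ("/private/var/", "/var/")


def parse_launchd_conf(text):
    """Yield (directive, args) for every non-empty, non-comment line of a launchd.conf."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split()
            yield parts[0], parts[1:]


def audit_launchd_conf(text):
    """Walk the directives in order, tracking the environment that setenv/unsetenv leave
    for later directives, and return (tag, line) findings for the untether pattern."""
    findings = []
    env = {}
    for directive, args in parse_launchd_conf(text):
        line = " ".join([directive] + args)
        if directive == "setenv" and args:
            env[args[0]] = args[1] if len(args) > 1 else ""
            if args[0] == "DYLD_INSERT_LIBRARIES":
                findings.append(("dyld-inject", line))
        elif directive == "unsetenv" and args:
            env.pop(args[0], None)
        elif directive == "load" and "DYLD_INSERT_LIBRARIES" in env:
            # A daemon plist (here amfid's) loaded while the injection variable is still set
            findings.append(("load-with-injected-env", line))
        elif directive == "bsexec" and len(args) >= 2:
            # bsexec's first argument selects the bootstrap context; the program follows it
            program, program_args = args[1], args[2:]
            if program == "/sbin/mount" and re.search(r"\brw\b", " ".join(program_args)):
                findings.append(("root-rw-remount", line))
            if program.startswith(DATA_PARTITION_PREFIXES):
                findings.append(("exec-from-data-partition", line))
    return findings
```

Running `audit_launchd_conf(EVASI0N_LAUNCHD_CONF)` yields four findings in directive order; a config that unsets the variable before the `load` produces no load finding.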