Evasi0n



evasi0n is a jailbreak tool that can be used to jailbreak (untethered) iOS 6.0-6.1 on all supported devices, excluding the Apple TV 3G. It was releasd on 4 Feburary 2013 by its developers, evad3rs, and supports Windows, OS X, and Linux (x86 and x86_64).

Supported Devices
As of evasi0n's release, the only unsupported device is the Apple TV 3G, since the kernel is still missing a injector vector to run unsigned code. All other devices on iOS 6.0-6.1 are supported (as well as iOS 5.2 for the Apple TV 2G).

Exploits
evasi0n takes advantage of at least five distinct new vulnerabilities:
 * Use of symbolic links in time zone file to socket
 * Unix "shebang" trick
 * Change of launchd.conf for untethering
 * AMFID code-signing kernel changes
 * ASLR circumvention by using ARM exception vectors

Code
bsexec .. /sbin/mount -u -o rw,suid,dev / setenv DYLD_INSERT_LIBRARIES /private/var/evasi0n/amfi.dylib load /System/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist bsexec .. /private/var/evasi0n/evasi0n unsetenv DYLD_INSERT_LIBRARIES bsexec .. /bin/rm -f /private/var/evasi0n/sock bsexec .. /bin/ln -f /var/tmp/launchd/sock /private/var/evasi0n/sock