P0sixspwn

p0sixspwn is an untethered jailbreak for iOS 6.1.3-6.1.6 by winocm, iH8sn0w and SquiffyPwn. It was initially made available as an Cydia package on Saurik's repo to untether already jailbroken devices. It works with all devices that support iOS 6.1.3-6.1.6 and 5.2.1 - 5.3 on Apple TV (2nd generation). On 30 December 2013, a Mac OS X program was released to perform a jailbreak. A Windows program was released on 3 January 2014.

Cydia Package Changelog

 * 1.0-5 the initial release of the untether
 * 1.0-9 iPhone 4 (iPhone3,1) boot loop fix
 * 1.1-1 Automatically reboot after 30 seconds if device did not boot. (iH8sn0w's repo only)
 * 1.1-2 Automatically reboot after one minute if device did not boot due to 30 seconds was too quick. (iH8sn0w's repo only)
 * 1.1-3 Automatically reboot after two minutes if device did not boot due to 60 seconds was too quick. (iH8sn0w's repo only)
 * 1.2-1 Various bug fixes.
 * 1.3-2 Fixes iMessage, LTE issues and Apple TV 2G support.
 * 1.4-1 Support iOS 6.1.6.

Installed Packages

 * APR (/usr/lib) (1.3.3-2; )
 * APT 0.7 (apt-key) (0.7.25.3-3; )
 * APT 0.7 Strict (lib) (0.7.25.3-11; )
 * Base Structure (1-4; )
 * BigBoss Icon Set (1.0; )
 * Bourne-Again SHell (4.0.17-13; )
 * bzip2 (1.0.5-7; )
 * Core Utilities (/bin) (8.12-7p; )
 * Cydia Installer (1.1.9; )
 * Cydia Translations (1.1.8.1; )
 * Darwin Tools (1-4; )
 * Debian Packager (1.14.25-9; )
 * Debian Utilities (3.3ubuntu1-1p; )
 * Diff Utilities (2.8.1-6; )
 * Find Utilities (4.2.33-6; )
 * GNU Privacy Guard (1.4.8-4; )
 * grep (2.5.4-3; )
 * gzip (1.6-7; )
 * iPhone Firmware (/sbin) (0-1; )
 * LZMA Utils (4.32.7-4; )
 * New Curses (5.7-12; )
 * PAM (Apple) (32.1-3; )
 * PAM Modules (36.1-4; )
 * pcre (8.30-5p; )
 * p0sixspwn (1.4-1; )
 * Profile Directory (0-2; )
 * readline (6.0-7; )
 * sed (4.1.5-7; )
 * shell-cmds (118-6; )
 * system-cmds (433.4-12; )
 * Tape Archive (1.19-8; )
 * UIKit Tools (1.1.8; )

Exploits

 * posix_spawn kernel information leak (by i0n1c)
 * posix_spawn kernel exploit (CVE-2013-3954) (by i0n1c)
 * mach_msg_ool_descriptor_ts for heap shaping
 * AMFID_code_signing_evasi0n7
 * DeveloperDiskImage race condition (by comex)
 * launchd.conf untether

Interesting strings
These strings were found on the jailbroken device in /var/untether/untether: This suggests that there was plans to jailbreak Apple TVs: