Timezone Vulnerability

According to the Accuvant Labs analysis, sending lockdownd a malformed PairRequest command causes lockdownd to change the permissions like  making it accessible to mobile (and all users). It isn't clear whether this vulnerability is in lockdownd itself or in an underlying library or framework, so more analysis is necessary.

This vulnerability (or together with the Symbolic Link Vulnerability?) is CVE-2013-0979.

Apple's description in the iOS 6.1.3 security fixes:

Lockdown

Impact: A local user may be able to change permissions on arbitrary files

Description: When restoring from backup, lockdownd changed permissions on certain files even if the path to the file included a symbolic link. This issue was addressed by not changing permissions on any file with a symlink in its path.
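
The fix Apple describes refuses to change permissions when any component of the path is a symlink. One way to implement such a check in C, as an added example (not lockdownd's or Apple's code; the helper name chmod_no_symlinks is hypothetical): it walks the path one component at a time with openat and O_NOFOLLOW, then applies fchmod to the descriptor it opened.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not lockdownd's code: change the mode of `path`
 * only if no component of the path is a symbolic link.
 * Returns 0 on success, -1 on failure with errno set (ELOOP on Linux and
 * macOS when a component is a symlink). The caller needs read access to
 * the target, because every component is opened O_RDONLY. */
int chmod_no_symlinks(const char *path, mode_t mode)
{
    char buf[PATH_MAX];
    size_t len = strlen(path);
    if (len == 0) { errno = ENOENT; return -1; }
    if (len >= sizeof buf) { errno = ENAMETOOLONG; return -1; }
    memcpy(buf, path, len + 1);

    /* Anchor the walk at "/" for absolute paths, else at the current directory. */
    int fd = open(buf[0] == '/' ? "/" : ".", O_RDONLY | O_DIRECTORY);
    if (fd < 0) return -1;

    char *save = NULL;
    for (char *name = strtok_r(buf, "/", &save); name != NULL;
         name = strtok_r(NULL, "/", &save)) {
        /* O_NOFOLLOW: the open fails if this one component is a symlink.
         * O_NONBLOCK: do not hang if the final component is a FIFO. */
        int next = openat(fd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
        int saved = errno;
        close(fd);
        if (next < 0) { errno = saved; return -1; }
        fd = next;
    }

    /* fchmod works on the descriptor that was just validated, so the path
     * cannot be swapped for a symlink between the check and the change. */
    int rc = fchmod(fd, mode);
    int saved = errno;
    close(fd);
    errno = saved;
    return rc;
}
```

Checking the path with lstat and then calling chmod on the same string would leave a window in which a component can be replaced; operating on the opened descriptor closes that window.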

Usage

 * evasi0n jailbreak

Credits

 * evad3rs