This vulnerability is used as the injection vector for the X-Gold 608 and XMM 6180 unlock payload. It is currently present in all X-Gold 608 basebands up to 05.13.04 and 06.15.00, and in XMM 6180 baseband 01.59.00.
- vulnerability: sherif_hashim, also discovered by westbaer, geohot and Oranav (each one independently)
- exploitation: iPhone Dev Team
There is a stack overflow in the AT+XAPP="..." command, which allows unsigned code execution on the X-Gold 608 and XMM 6180.
Supplying a string of more than 52 characters as the argument triggers the overflow.
The exploit was used by the iPhone Dev Team in ultrasn0w 1.0-1 and 1.2, which can unlock the X-Gold 608 basebands 04.26.08, 05.11.07, 05.12.01, 05.13.04 and 06.15.00 (ultrasn0w 1.2 only), and XMM 6180 baseband 01.59.00.
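The length check whose absence produces this kind of overflow, as an added C example (not the baseband's code and not from the original page): a hypothetical handler, `xapp_parse_arg`, extracts the quoted argument of AT+XAPP="..." and rejects anything over the 52 characters the page gives as the threshold. The function names, status codes and the treatment of 52 as the maximum safe length are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Assumption: 52 is the longest argument the page describes as safe; the
   real firmware buffer layout is not documented there. */
#define XAPP_ARG_MAX 52
#define XAPP_PREFIX  "AT+XAPP=\""

enum xapp_status { XAPP_OK = 0, XAPP_ERR_SYNTAX = -1, XAPP_ERR_TOO_LONG = -2 };

/* Hypothetical handler: copies the quoted argument of AT+XAPP="..." into
   out, whose capacity out_cap includes the terminating NUL. */
int xapp_parse_arg(const char *line, char *out, size_t out_cap)
{
    size_t plen = sizeof(XAPP_PREFIX) - 1;
    if (line == NULL || out == NULL || out_cap == 0)
        return XAPP_ERR_SYNTAX;
    out[0] = '\0';
    if (strncmp(line, XAPP_PREFIX, plen) != 0)
        return XAPP_ERR_SYNTAX;

    const char *arg = line + plen;
    const char *end = strchr(arg, '"');
    if (end == NULL)
        return XAPP_ERR_SYNTAX;           /* unterminated string */
    for (const char *p = end + 1; *p; p++)
        if (*p != '\r' && *p != '\n')
            return XAPP_ERR_SYNTAX;       /* junk after the closing quote */

    size_t len = (size_t)(end - arg);
    /* The bound is checked before any byte is copied; an unbounded copy
       into a fixed stack buffer is what overflows. */
    if (len > XAPP_ARG_MAX || len >= out_cap)
        return XAPP_ERR_TOO_LONG;
    memcpy(out, arg, len);
    out[len] = '\0';
    return XAPP_OK;
}

/* Constructed input: AT+XAPP="AAAA..." with n filler characters. */
int xapp_try_len(size_t n)
{
    char line[128], out[XAPP_ARG_MAX + 1];
    size_t pos = sizeof(XAPP_PREFIX) - 1;
    if (n > 100)
        return XAPP_ERR_TOO_LONG;         /* keeps the test line in bounds */
    memcpy(line, XAPP_PREFIX, pos);
    memset(line + pos, 'A', n);
    memcpy(line + pos + n, "\"", 2);      /* closing quote plus NUL */
    return xapp_parse_arg(line, out, sizeof(out));
}
```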