Elevat0r

From The Apple Wiki

Elevat0r is a general name that was used by security researcher Stefan Esser for jailbreaks he developed for private research use. He has not released any of these jailbreaks.

The name references a misunderstanding in which community members mistook an unrelated tweet mentioning an elevator for a hint of an upcoming iPad 2 jailbreak named "Elevat0r". In response, Esser registered the domain elevat0r.com, which stated: "This website is not about an iPad 2 jailbreak, it is about photos of iDevices in or infront of elevators." Subsequently, he gave the Elevat0r codename to multiple private, unreleased jailbreaks developed as part of his security research.

In 2017, Esser presented the internals of the first Elevat0r at Hack in the Box GSEC. The first Elevat0r exploited the setattrlist() system call, specifically its parsing of the ATTR_VOL_NAME attribute, which could lead to kernel memory corruption. The vulnerability was discovered in iOS 5, around 2011 to 2012, and despite multiple fix attempts by Apple, it was not fully resolved until iOS 9.0.
