An exploit is available in iOS 5's iBoot that abuses a heap buffer overflow bug. The exploit was discovered by p0sixninja.

The exploit has been shown to be able to untethered verbose boot the original iPad.

Support for untethered downgrades on the iPod touch (3rd generation) via this exploit is planned in powdersn0w Archived 2022-07-20 at the Wayback Machine.

The exploit should also be available in iOS 4 or earlier. It was patched in iOS 6.

External links[edit source]

This exploit article is a stub. Please add more content to this article and remove this tag.

v t e Exploits
Exploits	0x24000 Segment Overflow ARM Exception Vector Info Leak ARM7 Go alloc8 Exploit amfid Lazy Binding Exploit amfid Text Relocation Exploit BPF_STX Kernel Write Exploit blackbird Exploit CVE-2013-0964 CVE-2021-30773 CVE-2021-30807 CVE-2021-30883 checkm8 Exploit CoreTrust Root Certificate Validation Vulnerability De Rebus Antiquis diags (iBoot command) Dual Boot Exploit Dynamic memmove() locating HFS Heap Overflow HFS Legacy Volume Name Stack Buffer Overflow iOS 5 HFS Heap Buffer Overflow IOSurface Kernel Exploit IOUSBDeviceFamily Vulnerability Incomplete Codesign Exploit Kernel memory write via ROP gadget libTiff Exploit limera1n Exploit Malformed CFF Vulnerability Malformed PairRequest MobileBackup Copy Exploit Overlapping Segment Attack posix_spawn kernel information leak Psychic Paper Pwnage Pwnage 2.0 Racoon String Format Overflow Exploit Ramdisk Hack SHA-1 Image Segment Overflow Shebang Trick Symbolic Link Vulnerability T1 Font Integer Overflow Timezone Vulnerability usb_control_msg(0x21, 2) Exploit usb_control_msg(0xA1, 1) Exploit v0rtex vm_map_copy_t corruption for arbitrary memory disclosure
Patches	/private/etc/fstab AMFI Binary Trust Cache Patch ASR Crazeles hgsp4 patch Hunnypot Kernel Patches PE_i_can_has_debugger Patch Sandbox Patch Signature Check Patch vm_map_enter Patch vm_map_protect Patch

See also[edit source]