Malformed PairRequest

From The Apple Wiki

By sending lockdownd a malformed property list for the PairRequest command causes lockdownd to crash and restart. This is probably non-exploitable, but it is used in the Timezone Vulnerability to restart lockdownd to change file permissions.

Normally, lockdownd expects data (NSData) to be sent as the PairRequest. However, evasi0n sends a boolean (NSNumber) which causes lockdownd to crash with an Objective-C unrecognized selector error.



See Also