Evasi0n

History

Four of the six exploits used were patched by Apple on 18 March 2013 with the release of iOS 6.1.3. On 22 December 2013, the evad3rs released a new version of evasi0n that supports iOS 7.x, known as evasi0n7. One major exploit used by this jailbreak was patched by Apple with the 4th beta of iOS 7.1 and two more with beta 5. The final release of iOS 7.1 fixed all the exploits used by evasi0n7.

Technology

The evasi0n jailbreak first remounts the root file system as read-write and then achieves persistence by editing the /etc/launchd.conf file, which launchd consults. Evasi0n then applies patches in the kernel, bypassing address space layout randomization by triggering a data fault and reconstructing the kernel slide by reading the faulting instruction from the appropriate ARM exception vector. It produces an "untethered" jailbreak, which means that the jailbreak continues to work even after rebooting the phone.

PCMag reported that evasi0n checks whether it is running on a Chinese-language computer, and, if so, installs Taiji, a Chinese app market, rather than Cydia.

References

References

1. (12 February 2013). "Evasi0n 'jailbreaks' 7M iOS devices, update already available for iOS 6.1.1". [[AppleInsider]].
2. (2014-01-21). "iH8sn0w on Twitter: "So the code sign bug that evasi0n7 uses still exists in 7.1b4. Kernel exploit looks patched though :P"". Twitter.com.
3. (2014-02-04). "iH8sn0w on Twitter: "Apple fixed the chown vuln that appeared in iOS 7 and used by evasi0n7 by checking to see if its a symlink again :P"". Twitter.com.
4. (2014-02-04). "iH8sn0w on Twitter: "evasi0n7's afc sandbox escape is patched in 7.1b5 too."". Twitter.com.
5. Greenberg, Andy. "Inside Evasi0n, The Most Elaborate Jailbreak To Ever Hack Your iPhone". [[Forbes]].
6. (11 January 2014). "The Real Code In iOS 7 Jailbreak's Evasi0n".