The 'dream team' of iOS hackers explains how the Corona jailbreak worked at HITBSecConf.
- GreenPois0n Absinthe was built upon @pod2g's Corona untether jailbreak to create the first public jailbreak for the iPhone 4S and iPad 2 on for the 5.0.1 firmware. In this paper, we present a chain of multiple exploits to accomplish sandbox breakout, kernel unsigned code injection and execution that result in a fully-featured and untethered jailbreak.
Corona is an acronym for "racoon", which is the primary victim for this attack. A format string vulnerability was located in racoon's error handling routines, allowing the researchers to write arbitrary data to racoon's stack, one byte at a time, if they can control racoon's configuration file. Using this technique researchers were able to build a ROP payload on racoon's stack to mount a rogue HFS volume that injects code at the kernel level and patch its code-signing routines.
The original Corona untether exploit made use of the LimeRa1n bootrom exploit as an injection vector, to allow developers to disable ASLR and sandboxing, and call racoon with a custom configuration script. This however left it unusable for newer A5 devices like the iPad2 and iPhone 4S, which weren't exploitable to LimeRa1n, so another injection vector was needed. -
You can get the full presentation notes from here.
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
As soon as a jailbreak is released, Apple devs are able to decompile the jailbreak tool to see the vulnerability it exploits so that they an close it be releasing a patch or fixing it in the new firmware. It's not difficult for them.
Corona is -not- an acronym for "racoon."
Acronym-
A word formed from the initial letters of other words (e.g., radar, laser, scuba).
You mean...
Anagram-
A word, phrase, or name formed by rearranging the letters of another (e.g. cinema, formed from iceman).
I know. Stickler. But we learned something here. ;-)
Otherwise, a well written and informative article.
![Apple Seeds watchOS 10.5 Beta 2 to Developers [Download]](/images/news/93332/93332/93332-160.jpg "Apple Seeds watchOS 10.5 Beta 2 to Developers [Download]")
![Apple Releases macOS Sonoma 14.5 Beta 2 [Download]](/images/news/93337/93337/93337-160.jpg "Apple Releases macOS Sonoma 14.5 Beta 2 [Download]")
![Apple Seeds VisionOS 1.2 Beta 2 to Developers [Download]](/images/news/93334/93334/93334-160.jpg "Apple Seeds VisionOS 1.2 Beta 2 to Developers [Download]")
![Apple Seeds tvOS 17.5 Beta 2 to Developers [Download]](/images/news/93329/93329/93329-160.jpg "Apple Seeds tvOS 17.5 Beta 2 to Developers [Download]")
![New 15-inch M3 MacBook Air On Sale for $149.01 Off! [Lowest Price Ever]](/images/news/93314/93314/93314-160.jpg "New 15-inch M3 MacBook Air On Sale for $149.01 Off! [Lowest Price Ever]")
![Apple 96W USB-C Power Adapter On Sale for 49% Off [Deal]](/images/news/93302/93302/93302-160.jpg "Apple 96W USB-C Power Adapter On Sale for 49% Off [Deal]")
![AirPods Pro 2 With USB-C On Sale for $189! [Deal]](/images/news/92932/92932/92932-160.jpg "AirPods Pro 2 With USB-C On Sale for $189! [Deal]")
![iPad Mini 6 On Sale for Just $375! [Lowest Price Ever]](/images/news/93207/93207/93207-160.jpg "iPad Mini 6 On Sale for Just $375! [Lowest Price Ever]")
