A security researcher has released a tool that will untether iPhones and other devices running iOS 5.01, allowing them to run unsigned code. The tool relies on a pair of exploits, one in an iOS binary and another in the kernel, and the jailbreak will survive after a reboot.
The tool, called Corona, takes advantage of a format string bug in a binary called racoon that’s used when setting up IPSec connections. The untether jailbreak works on devices running iOS 5.01, and is the work of a researcher who goes by the handle pod2g. He has posted a video demo of the untether tool in action, and the tool has been added to the redsn0w packages that will jailbreak and untether devices.
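The article attributes Corona's user-space foothold to a format string bug in racoon. The snippet below is an added illustration of that bug class in general, not racoon's code and not the Corona exploit: a hypothetical logging helper that passes untrusted text straight through as a printf-style format, its hardened counterpart that pins the format to a literal `"%s"`, and a small check a code reviewer or fuzzer harness can use to flag untrusted input carrying conversion directives. All function names are assumptions for this example.

```c
#include <stdio.h>
#include <string.h>

/* The vulnerable pattern deliberately uses a non-literal format string,
 * which compilers rightly warn about; silence it only for this demo. */
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"

/* VULNERABLE (hypothetical helper): the caller's message becomes the
 * format string, so any '%' directive in it is interpreted. */
static int log_unsafe(char *out, size_t outlen, const char *msg) {
    return snprintf(out, outlen, msg);
}

/* HARDENED: the format is a fixed literal and the message is data. */
static int log_safe(char *out, size_t outlen, const char *msg) {
    return snprintf(out, outlen, "%s", msg);
}

/* Returns 1 if untrusted text contains a conversion directive
 * (a '%' not immediately escaped by another '%'), else 0.
 * Useful as a review or fuzzing check for text headed into a log call. */
int has_format_directive(const char *s) {
    for (; *s; s++) {
        if (*s == '%') {
            if (s[1] == '%') { s++; continue; }  /* "%%" is a literal percent */
            return 1;
        }
    }
    return 0;
}

/* Helpers that report whether each logger reproduces its input verbatim.
 * Only "%%" is used as the constructed sample so the vulnerable path shows
 * directive interpretation without reading missing arguments. */
int safe_output_matches(const char *msg) {
    char buf[64];
    log_safe(buf, sizeof buf, msg);
    return strcmp(buf, msg) == 0;
}

int unsafe_output_matches(const char *msg) {
    char buf[64];
    log_unsafe(buf, sizeof buf, msg);
    return strcmp(buf, msg) == 0;
}

int main(void) {
    const char *sample = "disk 100%% full";   /* constructed untrusted input */
    char buf[64];

    log_unsafe(buf, sizeof buf, sample);
    printf("unsafe : %s\n", buf);   /* "%%" collapsed: message was interpreted */
    log_safe(buf, sizeof buf, sample);
    printf("safe   : %s\n", buf);   /* message reproduced verbatim */
    printf("flagged: %d\n", has_format_directive("user %x"));
    return 0;
}
```

The check is intentionally conservative: it flags any unescaped `%`, which is the right bias for text that will reach a `printf`-family call, and it costs nothing at the call site compared with simply never passing untrusted data as a format.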
The researcher has been working on the exploits and untether tool for some time and said that he is also working on an update that will work on devices that use the A5 chip, including the iPhone 4S.

In his explanation of the way Corona works, pod2g said that because Apple has fixed all of the previously known tricks for jailbreaking iOS devices, he went looking for a different way to accomplish the same feat. He found it.
“In iOS 5.0, data pages need also to be signed by Apple for the loader to authenticate the binary. @i0n1c seems to be able to pass through these verifications though (https://twitter.com/#!/i0n1c/status/145132665325105152). We may see this in the 5.1 jailbreak,” he wrote in a blog post explaining the way the jailbreak works.