New Safari Exploit (1.1.3)

**ayan4m1** · 02-07-2008 10:09 PM

You could downgrade the baseband, but it's totally useless (now) for phones with bootloader 4.6. In the future it could be used to easily jailbreak new phones, which would be useful, but we don't downgrade the baseband with the current tiff exploit. Step one is exploiting the new exploit, but then the baseband downgrader would need to be developed and made to run through Safari. I'm not saying it wouldn't be nice to have, but I think it banks on too many slim probabilities to result in the type of application you're describing.

**lighter** · 02-08-2008 05:07 AM

are you sure its just a matter of crashing safari? I mean I have gone to a ton of sites that crash safari ... there has to be more then just safari crashing.... or is it making the phone restart?

**techshop-uk** · 02-08-2008 06:55 AM

The phone restarts after about 30 seconds with this expolit

**ayan4m1** · 02-08-2008 07:04 AM

It does need to do more than crash Safari. If it were an exploit, you would need to overflow an area of program/system memory in such a way that it allows our code to execute on the processor. Although the method for this differs greatly from exploit to exploit, it generally involves manipulating a function or stack pointer so that it executes an exploit-defined function that is also loaded into memory.

**ManiacX** · 02-08-2008 07:04 AM

You people just don't understand.

Whenever there is a crash, it is caused by a buffer overflow or something happening that shouldn't be. Although this is not true in all cases, it is in most.

Buffer overflows can be manipulated to execute arbritary code (in this case, a jailbreak). The code is delivered as a Payload (as it is often called).

That is just a VERY basic explaination of the matter.

Please try to understand things before you comment on them

This "Crash" could possibly be manipulated to force the iPod/iPhone to deliver a jailbreaking payload.

I'll try to see what I can do. Post back with the results soon

--ManiacX

**duwde** · 02-08-2008 07:57 AM

Correct me if I'm wrong but isn't safari being run as non-root since 1.1.3 ?? therefore a safari bufffer-overflow wouldn't help much (as it isn't running as root).

PS: I can't confirm that safari is running as non-root, but I've heard....

**L38Crow** · 02-08-2008 08:01 AM

Yes! But how can you explain why IPhone reboots? That should never happend if process running under user priveleges. Someone have to figure out how to use it.

**s.supreet** · 02-08-2008 08:13 AM

Hi,
I am new here , an m just a little confused, i hope u ppl can help me..
when v update the firmware from itunes , does it also update the bootloader version or jst the baseband ??

**LukeFX** · 02-08-2008 09:09 AM

Originally Posted by L38Crow

Yes! But how can you explain why IPhone reboots? That should never happend if process running under user priveleges. Someone have to figure out how to use it.

what firmware do you have? on my 1.1.2 it never reboots. simply crash Safari and return to springboard.

**xMemphisx** · 02-08-2008 10:09 AM

Originally Posted by duwde

Correct me if I'm wrong but isn't safari being run as non-root since 1.1.3 ?? therefore a safari bufffer-overflow wouldn't help much (as it isn't running as root).

PS: I can't confirm that safari is running as non-root, but I've heard....

Safari runs as root on 1.1.3, just verified it myself. This is very good news