[News] Apple May Have Patched Limera1n Exploit in Newer iOS Devices (iPhone 4, iPad, iPod touch)
Monday, December 20, 2010
Posted by skygoat76 in news
We have just been tipped off, by the user himself, to an interesting story he posted over at the ModMyi Forums: he bought a new iPad (running iOS 4.2.1) for his lady as a Christmas present, only to find that he could not jailbreak it with the latest version of redsn0w.
orbyorb: @TaimurAsad Please read http://bit.ly/hJuCSc – limera1n has probably been patched in iOS devices rolling out as of this week.

In case you don't already know, the current version of redsn0w uses geohot's limera1n exploit to jailbreak all current iOS devices on the latest firmware. limera1n is a bootrom exploit: the bootrom is read-only code burned into the chip itself, so no software update can fix it, and only a new hardware revision from Apple could have patched it. If Jack's findings are true, Apple might have done exactly that in the new stock of iPhone 4, 3GS, iPad, iPod touch 4G and Apple TV 2G.

So if your new iOS device comes with a serial number of the form xx050 (in Apple's serial scheme of the time the third character is the year and the next two the production week, so xx050 is week 50 of 2010), there is a high chance that limera1n is already patched on that device and you may not be able to jailbreak it with the current jailbreak tools.

Here is the complete story:

I made a trip to the Apple Store today to get an iPad for my old lady (Christmas present). She told me she'd love it jailbroken, so I sat down in front of my computer to redsn0w this 4.2.1 iPad.

One problem: redsn0w 0.9.6b6 could not upload a pwned iBSS (hung at the white screen on OS X; upload timed out and rebooted into jailed state with Windows).

Furthermore, the device constantly stalls when attempting to dump its bootrom. This leads me to believe the injection vector used via USB has been patched in DFU mode.

Case in point: Any iOS device with a serial number xx050 (this week) or higher might be unable to be jailbroken via the limera1n exploit. Slightly older devices may be invulnerable as well.
Again, we are not sure if this is indeed the case. Hopefully someone from the Dev-Team will soon shed some light on this.
UPDATE 1: As correctly pointed out by @xonder, the iBoot/bootrom version string 574.4 (see screenshots above) is the same for both devices, the new iPad and a known-jailbreakable one. From The iPhone Wiki:

This is the first revision of the S5L8930 bootrom, found in the iPad, the iPod touch 4G, and in the iPhone 4. Geohot has hinted at an undiscovered bootrom exploit in all iDevices. He then left the jailbreak scene, but came back to release limera1n. SHAtter, a different exploit that only targets S5L8930 devices, is not released yet.

UPDATE 2: Dev-Team responds:

MuscleNerd: the 2 times Apple has fixed bootrom so far, the bootrom version # changed too. This is still showing 574.4, so I wouldn't worry.
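The check MuscleNerd describes, comparing the bootrom version the device advertises against the version known to be vulnerable, can be automated from the USB serial-number string a device reports in DFU mode (vendor 05ac, product 1227), which carries the chip ID (CPID) and the bootrom build tag (SRTG). The following is an added example, not code from the original post or from any Dev-Team tool; the sample strings are constructed, the only real bootrom tag used is iBoot-574.4 for the S5L8930 as reported in the post, and the KNOWN_BOOTROM table and its single entry are an assumption for illustration.

```python
"""Parse an iOS DFU-mode USB serial string and compare its bootrom tag.

Added example (not from the original post). On OS X the string is shown as
"Serial Number" under "Apple Mobile Device (DFU Mode)" in
`system_profiler SPUSBDataType`; on Linux `lsusb -v -d 05ac:1227` shows it
as iSerial. A typical value looks like:
  CPID:8930 CPRV:20 CPFM:03 SCEP:01 BDID:00 ECID:0000000000000000 IBFL:01 SRTG:[iBoot-574.4]
CPID = chip ID, BDID = board ID, ECID = per-chip unique ID, SRTG = bootrom tag.
"""
import re

# "KEY:value" pairs; the SRTG value is bracketed, everything else is a bare token.
_FIELD_RE = re.compile(r"([A-Z]{4}):(\[[^\]]*\]|\S+)")

# Assumption for this example: the bootrom tag that the post reports as the
# limera1n-vulnerable S5L8930 bootrom. Any other tag for the same CPID is
# treated as a changed (possibly patched) bootrom, which is exactly the signal
# MuscleNerd says to look for.
KNOWN_BOOTROM = {"8930": "iBoot-574.4"}

# Constructed sample strings (ECIDs are dummies, not real devices).
SAMPLE_NEW_IPAD = ("CPID:8930 CPRV:20 CPFM:03 SCEP:01 BDID:00 "
                   "ECID:0000000000000000 IBFL:01 SRTG:[iBoot-574.4]")
SAMPLE_CHANGED = ("CPID:8930 CPRV:20 CPFM:03 SCEP:01 BDID:00 "
                  "ECID:0000000000000001 IBFL:01 SRTG:[iBoot-999.9]")


def parse_dfu_serial(serial):
    """Return the KEY -> value mapping from a DFU serial string.

    Brackets around the SRTG value are stripped so callers compare plain tags.
    Keys that are absent (e.g. a string captured from a non-DFU device) are
    simply missing from the dict.
    """
    return {key: value.strip("[]") for key, value in _FIELD_RE.findall(serial)}


def bootrom_status(serial):
    """Classify a device from its DFU serial string.

    Returns (status, cpid, srtg) where status is one of:
      "unparseable"     - CPID or SRTG field missing
      "unknown-chip"    - CPID not in KNOWN_BOOTROM, nothing to compare against
      "same-bootrom"    - tag matches the known vulnerable bootrom for this chip
      "bootrom-changed" - tag differs: a new bootrom revision, investigate
    """
    fields = parse_dfu_serial(serial)
    cpid, srtg = fields.get("CPID"), fields.get("SRTG")
    if cpid is None or srtg is None:
        return ("unparseable", cpid, srtg)
    expected = KNOWN_BOOTROM.get(cpid)
    if expected is None:
        return ("unknown-chip", cpid, srtg)
    if srtg == expected:
        return ("same-bootrom", cpid, srtg)
    return ("bootrom-changed", cpid, srtg)


if __name__ == "__main__":
    for sample in (SAMPLE_NEW_IPAD, SAMPLE_CHANGED):
        status, cpid, srtg = bootrom_status(sample)
        print(f"CPID {cpid}  SRTG {srtg}  -> {status}")
```

A "same-bootrom" result is only evidence that the bootrom revision has not changed; it says nothing about why a particular redsn0w run failed, so a USB or driver problem (as in Jack's report) still has to be ruled out separately.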