Pod2G has found another exploit for the iPod touch 2G that may be used to provide a jailbreak for both MC and non-MC models.
A heap overflow exists in the iPod touch 2G (both old and new) bootrom's DFU Mode when sending a USB control message of request type 0xA1, request 0x1.
On newer devices, the same USB message triggers a double free() when the image upload is marked as finished, also rebooting the device (but that's not exploitable because the double free() happens in a row). posixninja analyzed and explained this one.
0 comments:
Post a Comment