iOS hacker Musclenerd is confirming that both the bootrom exploits (Geohot’s Limera1n and posixninja’s SHAtter) were patched by Apple in March 2010 itself. Apple engineers fixed both holes long before either exploit was developed. Musclenerd found iPad2 running a bootrom version iBoot-838.3 as compared to iBoot-574.4 in iPad 1G.
iPad2 bootrom version iBoot-838.3 means it was compiled March’10. Seems geohot guessed right: limera1n was already closedEarly testing also seems to show at least one thing SHAtter depends on was gone by March 2010 tooThis means any early iPad2 jailbreaks will have to be purely userland@fr0st SHAtter can’t work at all with the “thing” I referred to gone@hooners96 right. I guess this is a bit of a win for Apple engineers…they fixed both holes long before either exploit was developed.
Difference: Bootrom and Userland Jailbreak
Bootrom exploits are used to jailbreak the iOS device for life. It can’t be fixed by Apple without a new hardware release of iOS device (like iPad 2). Unlike userland jailbreak, just firmware’s update will not going to patch the bootrom exploit.
iBoot-574.4 bootrom is on A4 chip (S5L8930) used in the iPad 1G, iPhone 4, Apple TV 2G and iPod touch 4G while the iPad 2 is carrying iBoot-838.3 on A5 (S5L8940). As the bootrom has been revised, iPad 2 can only be jailbroken using new userland jailbreak.
In addition to this, Comex’s is confirming that his best kernel bug has also been closed iniOS 4.3 firmware update. The hacking community now has to discover a new userland exploit to jailbreak iPad 2.
0 comments:
Post a Comment