Pod2G today explained in a blog post how the Corona untethered jailbreak works.
He said:
Apple has fixed all previous known ways of executing unsigned binaries in iOS 5.0. Corona does it another way.
For Corona, I searched for a way to start unsigned code at boot without using the Mach-O loader. That’s why I searched for vulnerabilities in existing Apple binaries that I could call using standard launchd plist mechanisms.
Using a fuzzer, I found after some hours of work that there's a format string vulnerability in the racoon configuration parsing code! racoon is the IPsec IKE daemon (http://ipsec-tools.sourceforge.net/). It comes by default with iOS and is started when you set up an IPsec connection.
Now you got it, Corona is an anagram of racoon :-)
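The bug class pod2g describes, a format string vulnerability in configuration parsing, as an added illustration that is constructed for this post and is not racoon's code or anything from Corona. The `logmsg` helper, the directive names and the config lines are all hypothetical; the point is the vulnerable call beside its hardened form and a simple audit check.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the bug class pod2g names (a format string
 * vulnerability in configuration parsing). It is NOT racoon's code. */

/* Hypothetical logging helper in the style of a daemon's log function: the
 * format string is whatever the caller passes in. */
static void logmsg(char *out, size_t n, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern: the message is built first, then handed to the logger
 * AS the format string. A directive such as "%x%x%n" read from the config
 * file would then be interpreted, not printed. Only called with benign
 * input in this example. */
static void log_unknown_vulnerable(char *out, size_t n, const char *directive) {
    char msg[128];
    snprintf(msg, sizeof msg, "unknown directive: %s", directive);
    logmsg(out, n, msg);   /* BUG: user-derived text is the format string */
}

/* Hardened pattern: the format is a literal and user text is only ever a
 * "%s" argument, so '%' in the directive is printed verbatim. */
static void log_unknown_safe(char *out, size_t n, const char *directive) {
    logmsg(out, n, "unknown directive: %s", directive);
}

/* Audit check: no legitimate directive in this toy grammar contains '%', so
 * its presence in a config line is worth flagging. */
static int directive_has_format_chars(const char *directive) {
    return strchr(directive, '%') != NULL;
}

static const char *known_directives[] = { "path", "remote", "sainfo", "listen", NULL };
/* Parse one "<directive> ..." line. Returns 1 if the directive is known,
 * else 0 and writes a diagnostic into err via the safe logger. */
static int parse_config_line(const char *line, char *err, size_t errlen) {
    char directive[64];
    if (sscanf(line, "%63s", directive) != 1) return 0;
    for (int i = 0; known_directives[i]; i++)
        if (strcmp(known_directives[i], directive) == 0) return 1;
    log_unknown_safe(err, errlen, directive);
    return 0;
}
```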
We are awaiting the A5 untethered jailbreak (iPhone 4S and iPad 2). Pod2G is working hard on it. So, keep your fingers crossed.