Elevat0r is a general name that was used by security researcher Stefan Esser for jailbreaks he developed for private research use. He has not released any of these jailbreaks.
The name references a misunderstanding in which community members mistook an unrelated tweet mentioning an elevator for a hint of an upcoming iPad 2 jailbreak named "Elevat0r". In response, Esser registered the domain elevat0r.com, which stated: "This website is not about an iPad 2 jailbreak, it is about photos of iDevices in or infront of elevators." Subsequently, he gave the Elevat0r codename to multiple private, unreleased jailbreaks developed as part of his security research.
In 2017, Esser presented the internals of the first Elevat0r at Hack in the Box GSEC. The first Elevat0r exploited the system call setattrlist(), specifically its parsing of the ATTR_VOL_NAME attribute, which could lead to kernel memory corruption. The vulnerability was discovered in iOS 5, around 2011–2012, and despite multiple fix attempts by Apple, was not fully resolved until iOS 9.0.
External Links
- The Original Elevat0r: History of a private iOS Jailbreak from Hack in the Box GSEC 2017