Today I succeed in jailbreaking my iPod 3G.
The exploit is user-land, rely on a user ROP payload and a kernel write anywhere exploit.
I can't give much details right now, but here are the next steps :
- upgrade the iPod 3G to iOS 5.0.1
- do the same on iPhone 4 / iOS 5.0.1
- then iPad 1 & iPod 4G
At every step, the exploit code needs certainly to be reworked, but I really don't know right now.
Next, I'll return to the research for iPad 2 and iPhone 4S. I don't know if I gonna release first for other devices or not. I've to think about it. Feel free to give your opinion.
I'll update the blog when I have news.