Published at LXer:
There are perhaps six known historic flaws in SecureROM that have enabled jailbreakers to bypass the signature check in one way or another. These bugs are particularly appealing to jailbreakers, because SecureROM is baked into hardware, and so the bugs cannot be fixed once they are in the wild: Apple has to update the hardware to address them. Exploitable bugs have been found in the way SecureROM loads the image, verifies the signature, and communicates over USB, and in all cases they have enabled devices to boot unsigned firmware.