Aug 25, 2016

What's the difference? :)

It's explained in detail here:

Apparently it overwrites a system binary that's launched on boot with another Apple-signed binary "jsc" (a console JavaScript interpreter), which will evaluate some sort of .js that re-exploits everything. Pretty clever to re-use Apple-signed binaries for nefarious purposes. (The binary must be Apple-signed because when booting the kernel isn't exploited yet and so it enforces code signing, obviously).

Aug 25, 2016

Direct links to other resources:

Technical analysis:

CitizenLab analysis of the nation-state side of things:

Apple update:

Aug 25, 2016

Here are the full technical details: