Jul 25, 2011 12:01 GMT

iPhone Dev Team member Musclenerd is spreading the word on Twitter that his fellow hacker Comex has just been nominated for a Pwnie Award for Best Client-Side Bug.

Notorious for his jailbreaking feats on Apple’s iOS, Comex has been able to produce what is arguably the simplest jailbreak utility, built on a PDF exploit for which the people at pwnies.com are now crediting him.

The word comes via Musclenerd, one of the more vocal iPhone Dev Team members, who announced on the microblogging service Twitter that Comex has been nominated in one of the categories:

“Congrats to @comex for the @PwnieAwards nomination is.gd/jriZqE (that whole nominations page is a great read!),” reads Musclenerd’s tweet.

Specifically, Comex has been nominated for “Pwnie for Best Client-Side Bug.” The award in this category goes to “the person who discovered or exploited the most technically sophisticated and interesting client-side bug.”

“These days, ‘client’ is pretty much synonymous with ‘web browser,’ but don't forget about all the media player integer overflows!”, the people at pwnies.com explain.

A description of Comex’s PDF vulnerability is also offered (reproduced below).

FreeType vulnerability in iOS (CVE-2010-1797) Credit: Comex

Comex exploited a vulnerability in the interpreter for Type 1 font programs in the FreeType library used by MobileSafari. This exploit is a great example of programming a weird machine to exploit a modern system. Comex used his control over the interpreter to construct a highly sophisticated ROP payload at runtime and bypass the ASLR protection in iOS. Furthermore, the ROP payload exploited a kernel vulnerability to execute code in the kernel and disable code-signing. The exploit was hosted on jailbreakme.com and was successfully used by thousands of people to jailbreak their iOS devices.

The flaw has been patched in iOS 4.3.4, a recently released software update specifically tasked with closing this hole and, implicitly, erasing all hacks that resulted from accessing jailbreakme.com.