iPhone Dev Team member Musclenerd is spreading the word on Twitter that his fellow hacker Comex has just been nominated for a Pwnie Award for Best Client-Side Bug.
Notorious for his jailbreaking feats on Apple’s iOS, Comex has been able to produce what is arguably the simplest jailbreak utility, using a PDF exploit for which the people at pwnies.com are now crediting the hacker.
The word comes via Musclenerd, one of the more vocal iPhone Dev Team members, who reports on the microblogging service Twitter that Comex has been nominated in one of the categories:
“Congrats to @comex for the @PwnieAwards nomination is.gd/jriZqE (that whole nominations page is a great read!),” reads Musclenerd’s tweet.
Specifically, Comex has been nominated for “Pwnie for Best Client-Side Bug.” The award in this category goes to “the person who discovered or exploited the most technically sophisticated and interesting client-side bug.”
“These days, ‘client’ is pretty much synonymous with ‘web browser,’ but don't forget about all the media player integer overflows!”, the people at pwnies.com explain.
A description of Comex’s PDF vulnerability is also offered (reproduced below).
FreeType vulnerability in iOS (CVE-2010-1797)
Comex exploited a vulnerability in the interpreter for Type 1 font programs in the FreeType library used by MobileSafari. This exploit is a great example of programming a weird machine to exploit a modern system. Comex used his control over the interpreter to construct a highly sophisticated ROP payload at runtime and bypass the ASLR protection in iOS. Furthermore, the ROP payload exploited a kernel vulnerability to execute code in the kernel and disable code-signing. The exploit was hosted on jailbreakme.com and was successfully used by thousands of people to jailbreak their iOS devices.
The flaw has been patched in iOS 4.3.4, a recently released software update specifically tasked with closing this hole and, implicitly, erasing all hacks resulting from accessing jailbreakme.com.