Pwnie Awards is an annual event in which the achievements and failures of IT security experts and the IT community in general are presented. The event is in its 5th edition and the award ceremony will take place on August 3 in Las Vegas Nevada and comex and geohot were nominated for two of the 9 categories for which awards will be given. Comex was of course nominated to the category Pwnie for Best Client-Side Bug for the exploit thanks to which millions of iPad 2 tablet owners can jailbreak simply and easily using jailbreakme.com.
FreeType vulnerability in iOS (CVE-2010-1797)
Credit: Comex
Comex exploited a vulnerability in the interpreter for Type 1 font programs in the FreeType library used by MobileSafari. This exploit is a great example of programming a weird machine to exploit a modern system. Comex used his control over the interpreter to construct a highly sophisticated ROP payload at runtime and bypass the ASLR protection in iOS. Furthermore, the ROP payload exploited a kernel vulnerability to execute code in the kernel and disable code-signing. The exploit was hosted on jailbreakme.com and was successfully used by thousands of people to jailbreak their iOS devices.
Comex is not the only hacker developer of jailbreak solutions nominated for Pwnie Awards 2011 because geohot has a nomination but in his case it is about a song and not a jailbreak solution. The song for which geohot was nominated is the one "made" during the time when the trial with Sony was still ongoing and thanks to him it could win an award at the Pwnie Awards 2011. If we're still on this topic, I'll tell you that Sony was nominated for 5 Most Epic Fails awards and all thanks to the actions of geohot and those from LulzSec.
It is not known if any of them will win an award, but they deserve praise for what they have achieved.
[youtube]http://www.youtube.com/watch?v=9iUvuaChDEg[/youtube]
