November 7, 2024

Planetbeing Wins 2013 Pwnie Award for Best Privilege Escalation Bug

Posted August 2, 2013 at 1:31am by iClarified · 11745 views
Planetbeing has been awarded a Pwnie for the Best Privilege Escalation Bug at a BlackHat USA awards ceremony in Las Vegas.

Fellow hacker MuscleNerd congratulated him via Twitter:

"Congrats to @planetbeing for winning this year’s Pwnie award for privilege escalation in the iOS jailbreak :) pic.twitter.com/CZy23op9Pc"

Pwnie for Best Privilege Escalation Bug
Awarded to the person who discovered or exploited the most technically sophisticated and interesting privilege escalation vulnerability. These vulnerabilities can include local operating system privilege escalations, operating system sandbox escapes, and virtual machine guest breakout vulnerabilities.

● iOS incomplete codesign bypass and kernel vulnerabilities (CVE-2013-0977, CVE-2013-0978 and CVE-2013-0981
Credit: David Wang aka planetbeing and the evad3rs team

"According to statistics in February, the evasi0n exploit works for at least 5 million people every time they boot their iPhone. It bypasses code signing by interposing with an incomplete codesign bug in the dynamic loader. It bypasses user space ASLR by using the dynamic linker. It exploits an untrusted pointer in the kernel with some help from a heap info leak, the ARM data abort interrupt handler and some techniques by Tarjei Mandt by Mark Dowd."

Congratulations to planetbeing and all the evad3rs for their great work. You can find instructions on how to jailbreak your eligible device via the iClarified Jailbreak Wizard.