Comex Wins a Pwnie Award for his JailbreakMe Exploit
by Jared Erondu
August 5, 2011
The Pwnie Awards just wrapped up and a very helpful guy took one home. The Pwnie Awards (from the word pwn or to compromise) recognize both extreme excellence and failures in security. Nominees and winners are selected by a committee of security industry luminaries based on nominations from the information security web community. The awards are presented yearly at the DEFCON conference (one of the world's largest annual hacker conventions) in Las Vegas, NV.
JailbreakMe's 19-year-old Nicholas Allegra, better known as Comex or Apple's most wanted, took home the Pwnie award for "Best Client-Side Bug." To achieve this, the winner had to have "discovered or exploited the most technically sophisticated and interesting client-side bug." If you don't know what JailbreakMe (JBM) is, it's a website tool that more than two million iOS users have used to jailbreak their devices.
Comex developed it after spotting a security flaw in Apple's iOS. With it, millions of users unlocked the potential of their devices without having to download any software or IPSW files. Users visited the site, and when they chose "slide to jailbreak," it would download a buggy PDF file that would take control of iOS and, by getting root access, install third-party software (Cydia). The fact that one guy found such a loophole and had the knowledge and coding skills to gain root access is a big deal, even if he doesn't think so. Via Forbes:
“It feels like editing an English paper,” Allegra says simply, his voice croaking as if he just woke up, though we’re speaking at 9:30 pm. “You just go through and look for errors. I don’t know why I seem to be so effective at it.”
“Comex exploited a vulnerability in the interpreter for Type 1 font programs in the FreeType library used by Mobile Safari. This exploit is a great example of programming a weird machine to exploit a modern system. Comex used his control over the interpreter to construct a highly sophisticated ROP payload at runtime and bypass the ASLR protection in iOS.”
There were eight other awards given out for failures and achievements in security but we are glad to see Comex's hard work awarded. Oftentimes, we take advantage of tools because of how simple they are. We tend to forget how much work went into making that tool so simple. Congratulations Comex! Now go edit some more English papers!