The 2011 Pwnie Winner For Best Client-Side Bug

FreeType vulnerability in iOS (CVE-2011-0226)

Credit: Comex

Comex exploited a vulnerability in the interpreter for Type 1 font programs in the FreeType library used by MobileSafari. This exploit is a great example of programming a weird machine to exploit a modern system. Comex used his control over the interpreter to construct a highly sophisticated ROP payload at runtime and bypass the ASLR protection in iOS. Furthermore, the ROP payload exploited a kernel vulnerability to execute code in the kernel and disable code-signing. The exploit was hosted on and was successfully used by thousands of people to jailbreak their iOS devices.