The 2013 Pwnie Winner For Best Privilege Escalation Bug

iOS incomplete codesign bypass and kernel vulnerabilities (CVE-2013-0977, CVE-2013-0978 and CVE-2013-0981)

Credit: David Wang aka planetbeing and the evad3rs team

According to statistics from February, the evasi0n exploit runs for at least 5 million people every time they boot their iPhone. It bypasses code signing by using interposing together with an incomplete code-signing bug in the dynamic loader, bypasses user-space ASLR with the help of the dynamic linker, and exploits an untrusted pointer in the kernel with some help from a heap info leak, the ARM data abort interrupt handler and some techniques by Tarjei Mandt and Mark Dowd.
