The 2010 Pwnie Nominee For Best Server-Side Bug

iPhone remote SMS exploit (CVE-2009-2204)

Credit: Charlie Miller and Collin Mulliner

Charlie and Collin spent a lot of effort on fuzzing the iPhone with injected SMS messages and discovered a memory corruption vulnerability that could be triggered with a remote SMS message. Their heap manipulation with multiple SMS messages and resulting exploit were hardcore.