Pwnie Awards 2017

The 2013 Pwnie Award For Best Privilege Escalation Bug

CVE-2013-0977

David Wang (aka planetbeing) and the evad3rs team

According to statistics in February, the evasi0n exploit works for at least 5 million people every time they boot their iPhone. It bypasses code signing by interposing with an incomplete codesign bug in the dynamic loader. It bypasses user space ASLR by using the dynamic linker. It exploits an untrusted pointer in the kernel with some help from a heap info leak, the ARM data abort interrupt handler and some techniques by Tarjei Mandt and Mark Dowd.