iOS 6 Evasi0n Jailbreak: Planetbeing Wins Pwnie Award for Best Privilege Escalation Bug

The iOS jailbreak scene has long been dominated by a few highly talented and skilled hackers such as pod2g, MuscleNerd, pimskeks and planetbeing. These four members formed the evad3rs Dream Team in February and unleashed the highly anticipated evasi0n jailbreak for Apple's iOS 6.

Quite befittingly, planetbeing (aka David Wong) has won the Pwnie award for Best Privilege Escalation Bug at the recently concluded Black Hat hacking convention in Las Vegas. The award recognises the veteran hacker for his industrious efforts in discovering critical bugs and exploits in iOS 6, which resulted in the making of the evasi0n untethered jailbreak.

MuscleNerd tweets his congratulatory note to planetbeing on winning the coveted Pwnies award:

The official Pwnie website credits the award to planetbeing and the evad3rs team for their effort in discovering "the most technically sophisticated and interesting privilege escalation vulnerability."

The website further highlights the statistical feat achieved by the popular evasi0n jailbreak in February, which worked at least 5 million times while booting iPhones via the evasi0n exploit. As iDownloadBlog points out, the jailbreak was instrumental in hacking over 20 million devices and withstood two software updates before Apple finally killed it by releasing iOS 6.1.3.

Crediting the award for "iOS incomplete codesign bypass and kernel vulnerabilities," the Pwnie website gives an interesting explanation of how the evasi0n jailbreak works:

"The evasi0n exploit bypasses code signing by interposing with an incomplete codesign bug in the dynamic loader. It bypasses user space ASLR by using the dynamic linker. It exploits an untrusted pointer in the kernel with some help from a heap info leak, the ARM data abort interrupt handler and some techniques by Tarjei Mandt by Mark Dowd."