Recently, at the Pwnie Awards ceremony held during the Black Hat Security Conference, renowned iOS jailbreak community hacker Planetbeing was awarded the "Best Privilege Escalation Bug" award. Hacker MuscleNerd congratulated Planetbeing on Twitter for receiving this award and shared pictures with us. In the picture, we can see the Pwnie Awards logo — a golden little pony doll.
Below is the presentation of the "Best Privilege Escalation Bug":
This award is given to the person who discovers or exploits the most technically skilled or interesting privilege escalation vulnerability. These vulnerabilities include local operating system privilege escalation, operating system sandbox escapes, and virtual machine guest privilege escalation vulnerabilities.
- iOS incomplete codesign bypass and kernel vulnerabilities (CVE-2013-0977, CVE-2013-0978, and CVE-2013-0981)
- Awarded to: David Wang, also known as planetbeing, and the evad3rs team
The award description states, "According to February statistics, the evasi0n vulnerability has already served at least 5 million users. It intervenes in an incomplete code symbol vulnerability in the dynamic loader, bypassing signature verification. It uses the dynamic connector to bypass user space ASLR. Based on leaked information, ARM data abort interrupt handlers, and some techniques from Mark Dowd and Tarjei Mandt (researchers at Azimuth Security), it exploits untrusted pointers in the kernel."
The Pwnie Awards are often referred to as the "Oscars" of the hacking world, being the annual Oscars that computer hackers award themselves. Winners receive a Hasbro-produced "My Little Pony" doll, only this little pony will be painted gold. The pronunciation of Pwnies is similar to "ponies" (little ponies), and this word originates from the hacker jargon "Pwned," which means a device has been "occupied" or controlled by a hacker.