WInd3x

wInd3x is a bootrom exploit for the iPod nano 3rd through 5th generation, and the iPod classic (6th generation). It is assumed that the iPhone, iPhone 3G, and iPod touch are also vulnerable.

The vulnerability is in the DFU mode USB stack, where a user-controlled parameter passed in a  packet is used to index an array without bounds checking. The exploit is named after the  field in the struct that comprises the data from the USB packet.