Pwnage 2.0

This exploit in the VROM is really the ultimate exploit, since it allows unsigned code to be run at the lowest level. It cannot be patched out.

Credit
The dev team

Exploit
There is a bug in the certificate parsing. By passing a malformed certificate, unsigned code can be run.

Implementations

 * iran
 * PwnageTool(although it doesn't actually run the DFU, iTunes does)