Pwnage 2.0

This exploit in the VROM is really the ultimate exploit, since it allows unsigned code to be run at the lowest level. It can be patched out only by a new hardware revision.

Credit
The dev team

Exploit
There is a stack overflow in the certificate parsing code. By passing a malformed certificate, unsigned code can be run.

Implementations

 * iran
 * PwnageTool (although it doesn't actually run the DFU, iTunes does)