Comment by saurik

1 year ago

Multiple iOS jailbreaks--both by comex--were buffer overflows of the virtual machine stack due to bugs in how a few instructions were handled in FreeType's implementation of TrueType font hinting. The resulting exploit was embedded in a PDF file (which was itself deployed by a website), but that was just a convenient way to embed the font and trigger very deterministic hinting: the bug wasn't in the PDF renderer, per se (though I imagine a lot of people were confused on that front in the popular press about the issue).

He open-sourced the exploit concurrently with the website going up, and it was immediately adjusted for use against different targets (including Foxit Reader or something like that on Windows), and as FreeType was used by a lot of Linux distributions in addition to iOS I imagine it was used in a ton of malware (which might or might not have been "high profile"). I actually use those vulnerabilities as a case study in the ethical trade-offs of open source weaponization in my talks.

(There were two such jailbreaks, as there were/are separate implementations of two similar yet slightly different virtual machine versions, each of which had bugs that I remember to be related to the same fundamental mistake; and--as you can read about in another big thread on this website today--most developers think coming up with difficult abstractions isn't worth their effort and would rather fix things by playing whack-a-mole.)

Wasn't there also a Telugu glyph that could in some weird corner cases brick an iPhone?
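The class of defect the comment above describes, a hinting VM stack whose instruction handlers could write past the stack buffer, is easiest to see against an interpreter where every stack access goes through one bounds-checked path. The following is an added example written for this page, not FreeType's or comex's code; it models a few real TrueType opcodes (PUSHB, DUP, POP, ADD) over a stack sized from the font's declared maxStackElements, and rejects any glyph program that would overflow or underflow that stack or read operands past the end of the program.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Constructed mini-interpreter (not FreeType's): a TrueType-style hinting VM.
 * Opcode values are the real TrueType ones; everything else is simplified. */
enum { OP_PUSHB = 0xB0, OP_DUP = 0x20, OP_POP = 0x21, OP_ADD = 0x60 };

typedef struct {
    int32_t *stack; /* storage sized from the font's maxp.maxStackElements */
    size_t   cap;   /* number of elements that fit in the buffer */
    size_t   top;   /* current depth */
} vm_t;

/* Every push and pop goes through these two helpers; no instruction handler
 * touches vm->stack directly, so the bounds check cannot be forgotten. */
static bool vm_push(vm_t *vm, int32_t v) {
    if (vm->top >= vm->cap) return false; /* would write past the stack buffer */
    vm->stack[vm->top++] = v;
    return true;
}
static bool vm_pop(vm_t *vm, int32_t *out) {
    if (vm->top == 0) return false;       /* would read below the stack buffer */
    *out = vm->stack[--vm->top];
    return true;
}

/* Execute a glyph program; returns 0 on success, -1 on any malformed or
 * out-of-bounds operation (the font is then rejected rather than hinted). */
int vm_run(vm_t *vm, const uint8_t *code, size_t len) {
    for (size_t pc = 0; pc < len; ) {
        uint8_t op = code[pc++];
        int32_t a, b;
        if (op >= OP_PUSHB && op <= OP_PUSHB + 7) {  /* PUSHB[n]: n+1 inline bytes */
            size_t n = (size_t)(op - OP_PUSHB) + 1;
            if (len - pc < n) return -1;             /* operands run past the program */
            for (size_t i = 0; i < n; i++)
                if (!vm_push(vm, code[pc + i])) return -1;
            pc += n;
        } else if (op == OP_DUP) {
            if (!vm_pop(vm, &a) || !vm_push(vm, a) || !vm_push(vm, a)) return -1;
        } else if (op == OP_POP) {
            if (!vm_pop(vm, &a)) return -1;
        } else if (op == OP_ADD) {
            if (!vm_pop(vm, &b) || !vm_pop(vm, &a)) return -1;
            if (!vm_push(vm, (int32_t)((uint32_t)a + (uint32_t)b))) return -1;
        } else {
            return -1;                               /* unknown opcode */
        }
    }
    return 0;
}
```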