Alex Plaskett from MWR Labs has demoed a browser exploit in the pre-Mango Internet Explorer which, in combination with vulnerable code in HTC's drivers, can result in full kernel-mode access. That access can be used to install rootkits, eavesdrop on a user or, of course, jailbreak the device.
Interestingly the browser vulnerability itself still does not allow full access to the OS, as it runs with least privileges, hence the requirement for the second vulnerability.
The hack also had to defeat Address Space Randomization and eXecute Never flags.
The Mango update fixes the vulnerability and makes it more difficult to find new ones, but of course no platform is ever 100% secure. However, MWR Labs lay a lot of the blame on OEM code, which they note has many more exploits than Microsoft's native code. This problem did not go away with Mango.