Browser-Based iOS 9.1/9.2 Jailbreak Wins $1M Bounty, Will Be Sold for Corporate and Government Use

remotejailbreakEarlier this month, exploit acquisition platform Zerodium debuted an iOS 9 bug bounty that would pay out up to three million dollars to hackers who managed to develop a browser-based untethered jailbreak for iOS 9, which it could then sell to clients interested in shelling out a lot of money to gain illicit access to iOS devices.

The contest expired at the end of October, and Zerodium today announced one hacking team had successfully created a browser-based jailbreak for iOS 9.1 and iOS 9.2, the latest versions of iOS 9, earning $1 million.

Zerodium foundar Chaouki Bekrar told Wired that the exploit developed by the hackers will be given to its customers, which include major technology, finance, and defense corporations, along with government agencies. The contest rules required the exploit to be achievable remotely without requiring user interaction beyond reading a text message or visiting a website via Chrome or Safari on an iOS device.

Bekrar confirmed that Zerodium plans to reveal the technical details of the technique to its customers, whom the company has described as "major corporations in defense, technology, and finance" seeking zero-day attack protection as well as "government organizations in need of specific and tailored cybersecurity capabilities."

Because it's selling the jailbreak ("likely" to U.S. customers only), Zerodium does not plan to report the vulnerabilities in the operating system to Apple, though Bekrar says the company may share the details at a later date. The jailbreak also won't be provided to the general public, but Bekrar says Zerodium announced the results of the contest to remind people that while iOS security is "very hardened," it's not unbreakable.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Top Rated Comments

locoboi187 Avatar
87 months ago
This is very very bad. This is going to be abused by either our government or another malicious party. For example, all one would need to do is inject the exploit in an unencrypted WiFi to gain complete control over a phone since this is a browser based hack.
Score: 26 Votes (Like | Disagree)
KALLT Avatar
87 months ago
Folks, this is just a jailbreak, it's neither illegal, nor can it be applied to a phone whose owner doesn't want it, just like all the other jailbreaks over the years.
The contest rules required the exploit to be achievable remotely without requiring user interaction beyond reading a text message or visiting a website via Chrome or Safari on an iOS device.
What do you think a jailbreak is? It's just a fancy name for an exploit that you want to use. If applied against your will or without your knowledge it is simply malware.
Score: 21 Votes (Like | Disagree)
2457282 Avatar
87 months ago
Hopefully, Apple who is sneaky is actually one of the customers and will plug the hole quickly. Yes wishful thinking, we might get a plug if the hole goes public and then probably in iOS 10. (SMH)
Score: 15 Votes (Like | Disagree)
jim.arrows Avatar
87 months ago
Buy Apple they said. It's secure they said.
The fact that they're offering $1M for someone to develop the breach should make you feel very good about the overall security of the system... if it was easy nobody would pay $1M for it.
Score: 14 Votes (Like | Disagree)
sirdir Avatar
87 months ago
uninstalling Chrome browser on my iPhone today.
the winning team for the hack probably gains entry through the Chrome browser, not Safari on iOS.
As Chrome is forced to use webkit as a renderer, I don't think it makes a diference what browser you're using.
Score: 13 Votes (Like | Disagree)
Speedman100 Avatar
87 months ago
Um is this like legal?
Score: 12 Votes (Like | Disagree)

Popular Stories

top stories 2jul2022

Top Stories: M2 MacBook Air Release Date, New HomePod Rumor, and More

Saturday July 2, 2022 6:00 am PDT by
The M2 MacBook Pro has started making its way into customers' hands and we're learning more about how it performs in a variety of situations, but all eyes are really on the upcoming M2 MacBook Air which has seen a complete redesign and should be arriving in a couple of weeks. Other top stories this week included a host of product rumors including additional M2 and even M3 Macs, an updated...
Mac Studio IO

Apple Begins Selling Refurbished Mac Studio Models

Thursday June 30, 2022 7:42 pm PDT by
Apple today began selling refurbished Mac Studio models for the first time in the United States, Canada, and select European countries, such as Belgium, Germany, Ireland, Spain, Switzerland, the Netherlands, and the United Kingdom. In the United States, two refurbished Mac Studio configurations are currently available, including one with the M1 Max chip (10-core CPU and 24-core GPU) for...
macbook air m2

Exclusive: Apple Plans to Launch MacBook Air With M2 Chip on July 15

Wednesday June 29, 2022 5:23 pm PDT by
The redesigned MacBook Air with the all-new M2 Apple silicon chip will be available for customers starting Friday, July 15, MacRumors has learned from a retail source. The new MacBook Air was announced and previewed during WWDC earlier this month, with Apple stating availability will begin in July. The MacBook Air features a redesigned body that is thinner and lighter than the previous...
13 inch macbook pro m2 mock feature 2

M2 MacBook Pro Much Slower Than Previous Model

Friday July 1, 2022 2:24 am PDT by
Apple's new 13-inch MacBook Pro with the M2 chip features a significantly slower SSD compared to the previous model, resulting in poorer performance in some workflows, it has been discovered. Specifically, it has been found that the $1,299 base model with 256GB of storage has significantly slower SSD read and write speeds compared to the equivalent previous-generation 13-inch MacBook Pro....