Richard Zhu and Amat Cama, two white hat hackers, recently teamed up at the Mobile Pwn2Own contest in Tokyo and ended up earning a $60,000 prize after finding an iPhone exploit, according to a blog post on the Zero Day Initiative website.


The duo used a Safari weakness on an iPhone X running iOS 12.1 to retrieve a photo that had recently been deleted from the device. The hackers used a malicious Wi-Fi access point to exploit a just-in-time (JIT) compiler vulnerability.


The exploit the two hackers discovered can also be used to access additional files beyond deleted photos; the deleted photo just happened to be the first file the two came across and so it was used as a demonstration.

Next up, Amat and Richard returned to the Short Distance category. This time, they were targeting the iPhone X over Wi-Fi. They used a pair of bugs – a JIT vulnerability in the web browser followed by an Out-Of-Bounds write for the sandbox escape and escalation. The successful demonstration earned them $60,000 USD more and 10 additional Master of Pwn points. This ends their first day of competition with $140,000 USD and a commanding lead for the Master of Pwn with 31 points.

With the prize money and points awarded from the iPhone vulnerability along with other exploits shown off at the event, Zhu and Cama won the "Master of Pwn" title.

pwn2owntokyo
Apple has been informed of the vulnerability and will likely address it in an upcoming iOS update.

Top Rated Comments

tridley68 Avatar
tridley68
92 months ago
Hopefully Apple will snap them up so their talents can strengthen Apple's security
Score: 5 Votes (Like | Disagree)
Sasparilla Avatar
Sasparilla
92 months ago
This is an annual competition and while it seems bad on the surface, its actually good - all these exploits (which are out there and probably being used by others) will now get closed.

The more of this the better. The picture of the two heroes are awesome....so young, gotta be college or just out.

I'd love to see Apple put serious money out there for prizes to entice folks who might sell such things to bad actors or governments instead (there is such a market with big money involved).
Score: 5 Votes (Like | Disagree)
mmcneil Avatar
mmcneil
92 months ago
Love the white hats, congratulations to some serious and extremely young hackers. Great careers ahead for both!! Completely agree that Apple should participate in the bug bounty system to encourage the good guys!!!
Score: 2 Votes (Like | Disagree)
69Mustang Avatar
69Mustang
92 months ago
Hopefully Apple will snap them up so their talents can strengthen Apple's security
Why would they? pwn2own is an annual contest. there were vulnerabilities last year, there are vulnerabilities this year, and there will be vulnerabilities next year. Hiring the researchers who find them (vulns) is no guarantee they'll strengthen their security. They'd end up with a boatload of researchers and still have the systems exploited every year. Security is an ongoing exercise.
Score: 1 Votes (Like | Disagree)
PJivan Avatar
PJivan
92 months ago
The 3-letter agencies can not access our data. Ohh, wait...
0 days will always exist, the differences is that agencies keep them for themselves.
What you should expect from a company is to do their best to protect their customers. The bigger issues in today it world is that a chunk of companies found out that personal data is an extremely lucrative business, offering free service in exchange as trojan horses, now that is really concerning.
Score: 1 Votes (Like | Disagree)
Apple_Robert Avatar
Apple_Robert
92 months ago
Congrats to the White Hat hackers. A win for all involved.
Score: 1 Votes (Like | Disagree)
Read All Comments

Popular Stories

Foldable iPhone 2023 Feature 1

Apple to Make More Foldable iPhones Than Expected

Tuesday December 9, 2025 9:59 am PST by
Apple has ordered 22 million OLED panels from Samsung Display for the first foldable iPhone, signaling a significantly larger production target than the display industry had previously anticipated, ET News reports. In the now-seemingly deleted report, ET News claimed that Samsung plans to mass-produce 11 million inward-folding OLED displays for Apple next year, as well as 11 million...
Read Full Article109 comments
iOS 26

15 New Things Your iPhone Can Do in iOS 26.2

Friday December 5, 2025 9:40 am PST by
Apple is about to release iOS 26.2, the second major point update for iPhones since iOS 26 was rolled out in September, and there are at least 15 notable changes and improvements worth checking out. We've rounded them up below. Apple is expected to roll out iOS 26.2 to compatible devices sometime between December 8 and December 16. When the update drops, you can check Apple's servers for the ...
Read Full Article51 comments
iPhone 14 Pro Dynamic Island

iPhone 18 Pro Leak Adds New Evidence for Under-Display Face ID

Monday December 8, 2025 4:54 am PST by
Apple is actively testing under-screen Face ID for next year's iPhone 18 Pro models using a special "spliced micro-transparent glass" window built into the display, claims a Chinese leaker. According to "Smart Pikachu," a Weibo account that has previously shared accurate supply-chain details on Chinese Android hardware, Apple is testing the special glass as a way to let the TrueDepth...
Read Full Article76 comments
iOS 26

Apple Seeds Second iOS 26.2 Release Candidate to Developers and Public Beta Testers

Monday December 8, 2025 10:18 am PST by
Apple today seeded the second release candidate version of iOS 26.2 to developers and public beta testers, with the software coming one week after Apple seeded the first RC. The release candidate represents the final version iOS 26.2 that will be provided to the public if no further bugs are found. Registered developers and public beta testers can download the betas from the Settings app on...
Read Full Article62 comments
Google maps feaure

Google Maps Quietly Added This Long-Overdue Feature for Drivers

Wednesday December 10, 2025 2:52 am PST by
Google Maps on iOS quietly gained a new feature recently that automatically recognizes where you've parked your vehicle and saves the location for you. Announced on LinkedIn by Rio Akasaka, Google Maps' senior product manager, the new feature auto-detects your parked location even if you don't use the parking pin function, saves it for up to 48 hours, and then automatically removes it once...
Read Full Article37 comments
Johny Srouji

Apple's Chipmaking Chief Johny Srouji Responds to Report About Him Potentially Leaving

Monday December 8, 2025 9:23 am PST by
Apple's chipmaking chief Johny Srouji has reportedly indicated that he plans to continue working for the company for the foreseeable future. "I love my team, and I love my job at Apple, and I don't plan on leaving anytime soon," said Srouji, in a memo obtained by Bloomberg's Mark Gurman. Here is Srouji's full memo, as shared by Bloomberg:I know you've been reading all kind of rumors and...
Read Full Article95 comments
iPhone 17 Pro Cosmic Orange

10 Reasons to Wait for Next Year's iPhone 18 Pro

Monday December 1, 2025 2:40 am PST by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models at the same time, which is why we often get rumored features months ahead of launch. The iPhone 18 series is no different, and we already have a good idea of what to expect for the iPhone 18 Pro and iPhone 18 Pro Max. One thing worth...
Read Full Article107 comments
google pixel 10

Switching Between iPhone and Android Will Get Easier With New Apple and Google Collaboration

Monday December 8, 2025 11:10 am PST by
Apple and Google are teaming up to make it easier for users to switch between iPhone and Android smartphones, according to 9to5Google. There is a new Android Canary build available today that simplifies data transfer between two smartphones, and Apple is going to implement the functionality in an upcoming iOS 26 beta. Apple already has a Move to iOS app for transferring data from an Android...
Read Full Article88 comments
Apple Fitness Plus expansion hero

Apple Fitness+ Coming to 28 New Regions With Digital Voice Dubbing

Monday December 8, 2025 6:19 am PST by
Apple today announced that Fitness+ is expanding to 28 new markets on December 15 in the service's largest international rollout since launch, accompanied by new language dubbing and a K-Pop music genre. Apple Fitness+ will become available in Chile, Hong Kong, India, the Netherlands, Singapore, Taiwan, and additional regions on December 15, with Japan scheduled to follow early next year....
Read Full Article51 comments
Johny Srouji

Apple Chip Chief Johny Srouji Could Be Next to Go as Exodus Continues

Sunday December 7, 2025 10:41 am PST by
Apple's senior vice president of hardware technologies Johny Srouji could be the next leading executive to leave the company amid an alarming exodus of leading employees, Bloomberg's Mark Gurman reports. Srouji apparently recently told CEO Tim Cook that he is "seriously considering leaving" in the near future. He intends to join another company if he departs. Srouji leads Apple's chip design ...
Read Full Article399 comments