Richard Zhu and Amat Cama, two white hat hackers, recently teamed up at the Mobile Pwn2Own contest in Tokyo and ended up earning a $60,000 prize after finding an iPhone exploit, according to a blog post on the Zero Day Initiative website.


The duo used a Safari weakness on an iPhone X running iOS 12.1 to retrieve a photo that had recently been deleted from the device. The hackers used a malicious Wi-Fi access point to exploit a just-in-time (JIT) compiler vulnerability.


The exploit the two hackers discovered can also be used to access additional files beyond deleted photos; the deleted photo just happened to be the first file the two came across and so it was used as a demonstration.

Next up, Amat and Richard returned to the Short Distance category. This time, they were targeting the iPhone X over Wi-Fi. They used a pair of bugs – a JIT vulnerability in the web browser followed by an Out-Of-Bounds write for the sandbox escape and escalation. The successful demonstration earned them $60,000 USD more and 10 additional Master of Pwn points. This ends their first day of competition with $140,000 USD and a commanding lead for the Master of Pwn with 31 points.

With the prize money and points awarded from the iPhone vulnerability along with other exploits shown off at the event, Zhu and Cama won the "Master of Pwn" title.

pwn2owntokyo
Apple has been informed of the vulnerability and will likely address it in an upcoming iOS update.

Top Rated Comments

tridley68 Avatar
tridley68
92 months ago
Hopefully Apple will snap them up so their talents can strengthen Apple's security
Score: 5 Votes (Like | Disagree)
Sasparilla Avatar
Sasparilla
92 months ago
This is an annual competition and while it seems bad on the surface, its actually good - all these exploits (which are out there and probably being used by others) will now get closed.

The more of this the better. The picture of the two heroes are awesome....so young, gotta be college or just out.

I'd love to see Apple put serious money out there for prizes to entice folks who might sell such things to bad actors or governments instead (there is such a market with big money involved).
Score: 5 Votes (Like | Disagree)
mmcneil Avatar
mmcneil
92 months ago
Love the white hats, congratulations to some serious and extremely young hackers. Great careers ahead for both!! Completely agree that Apple should participate in the bug bounty system to encourage the good guys!!!
Score: 2 Votes (Like | Disagree)
69Mustang Avatar
69Mustang
92 months ago
Hopefully Apple will snap them up so their talents can strengthen Apple's security
Why would they? pwn2own is an annual contest. there were vulnerabilities last year, there are vulnerabilities this year, and there will be vulnerabilities next year. Hiring the researchers who find them (vulns) is no guarantee they'll strengthen their security. They'd end up with a boatload of researchers and still have the systems exploited every year. Security is an ongoing exercise.
Score: 1 Votes (Like | Disagree)
PJivan Avatar
PJivan
92 months ago
The 3-letter agencies can not access our data. Ohh, wait...
0 days will always exist, the differences is that agencies keep them for themselves.
What you should expect from a company is to do their best to protect their customers. The bigger issues in today it world is that a chunk of companies found out that personal data is an extremely lucrative business, offering free service in exchange as trojan horses, now that is really concerning.
Score: 1 Votes (Like | Disagree)
Apple_Robert Avatar
Apple_Robert
92 months ago
Congrats to the White Hat hackers. A win for all involved.
Score: 1 Votes (Like | Disagree)
Read All Comments

Popular Stories

Apple Shopping Event 2025

Apple Announces 2025 Black Friday Event, Here's What You Can Get

Thursday November 20, 2025 6:28 am PST by
Apple's annual four-day Black Friday through Cyber Monday shopping event is returning on Friday, November 28 through Monday, December 1 in many countries, including the United States, Canada, Australia, New Zealand, France, Germany, Italy, Spain, the United Kingdom, Belgium, the Netherlands, Sweden, Thailand, and others. During the shopping event, customers can get an Apple gift card with...
Read Full Article41 comments
iPhone 17 Pro Cosmic Orange

10 Reasons to Wait for Next Year's iPhone 18 Pro

Wednesday November 19, 2025 4:00 am PST by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models at the same time, which is why we often get rumored features months ahead of launch. The iPhone 18 series is no different, and we already have a good idea of what to expect for the iPhone 18 Pro and iPhone 18 Pro Max. One thing worth...
Read Full Article101 comments
iOS 26

iOS 26.2 Adds These New Features to Your iPhone

Thursday November 20, 2025 10:50 am PST by
iOS 26.2 is currently in beta testing. The upcoming update includes a handful of new features and changes on the iPhone, including a new Liquid Glass slider for the Lock Screen's clock, offline lyrics for Apple Music, and more. In a recent press release, Apple confirmed that iOS 26.2 will be released to all users in December, but it did not provide a specific release date. Keep reading...
Read Full Article27 comments
hikawa phone grip stand apple%402x

Apple Launches Second Limited-Edition iPhone Accessory in a Month

Friday November 21, 2025 3:53 am PST by
Apple has begun selling the Hikawa Phone Grip and Stand, a new limited-edition iPhone accessory designed with accessibility in mind. Designed by LA-based Bailey Hikawa to celebrate the 40th anniversary of accessibility at Apple, the grip uses magnets to securely snap onto any iPhone with MagSafe. Apple says it can be removed with ease, and doubles as a stand with two different viewing...
Read Full Article120 comments
ipad mini 7 feature red and blue

iPad Mini 8: Four Major New Features to Expect

Wednesday November 19, 2025 7:50 am PST by
Apple's eighth-generation iPad mini is highly likely to arrive next year, offering a significant refresh of the device with at least four major new features. OLED Display The next-generation version of the iPad mini could feature an OLED display, as part of Apple's plan to expand the display technology across many more of its devices. Apple's first OLED device was the Apple Watch in 2015, ...
Read Full Article67 comments
applecare apple care banner

Apple Brings New AppleCare+ Options to India

Tuesday November 18, 2025 8:42 am PST by
Apple today announced an expansion of AppleCare+ coverage in India, with new options for monthly and annual plans, and the addition of Theft and Loss for iPhone for the first time. Options for monthly and annual AppleCare+ plans in India provide more choice and flexibility, allowing users to keep coverage for as long as they require. Apple's vice president of Worldwide iPhone Product...
Read Full Article6 comments
watchos 26 workout app

Apple Watch Users Claim Workout App Is Now Worse in Every Way

Thursday November 20, 2025 7:01 am PST by
Apple Watch owners have been voicing their frustration online over changes to the Workout app that Apple introduced in watchOS 26, with many finding the redesigned interface makes starting exercises difficult and exasperating. When Apple launched watchOS 26 in September, the Workout app went from large, easily tapped workout tiles to a scrolling, corner-button interface. Instead of tapping a ...
Read Full Article225 comments
apple wallet drivers license feature iPhone 15 pro

Two More U.S. States Commit to Offering iPhone Driver's Licenses in Apple Wallet App

Thursday November 20, 2025 8:21 am PST by
In select U.S. states, residents can add their driver's license or state ID to the Apple Wallet app on the iPhone and Apple Watch, and then use it to display proof of identity or age at select airports and businesses, and in select apps. Earlier this week, Illinois became the 13th state in the U.S. to offer the feature. Subsequently, we shared a list of additional states that are committed...
Read Full Article38 comments
android iphone airdrop quickshare

iPhone Users Can Now AirDrop Files to Android Devices

Thursday November 20, 2025 9:47 am PST by
Google today announced a new cross-platform feature that allows for file sharing between iPhone and Android users. With AirDrop on the iPhone and QuickShare on Pixel 10 devices, there is a new file transfer function available. The file sharing option works on Apple devices that include iPhone, iPad, and Mac, along with the Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, and Pixel 10 Fold....
Read Full Article121 comments
ipad black friday 2025

The Best Early Black Friday iPad Deals

Thursday November 20, 2025 10:20 am PST by
Black Friday is just over a week away, and iPad deals have finally started to flood in at retailers like Amazon and Best Buy. Below we're tracking discounts on every current generation iPad, including lowest-ever prices on M3 iPad Air and M5 iPad Pro, plus steep markdowns on iPad and iPad mini. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a ...
Read Full Article7 comments