Richard Zhu and Amat Cama, two white hat hackers, recently teamed up at the Mobile Pwn2Own contest in Tokyo and ended up earning a $60,000 prize after finding an iPhone exploit, according to a blog post on the Zero Day Initiative website.


The duo used a Safari weakness on an iPhone X running iOS 12.1 to retrieve a photo that had recently been deleted from the device. The hackers used a malicious Wi-Fi access point to exploit a just-in-time (JIT) compiler vulnerability.


The exploit the two hackers discovered can also be used to access additional files beyond deleted photos; the deleted photo just happened to be the first file the two came across and so it was used as a demonstration.

Next up, Amat and Richard returned to the Short Distance category. This time, they were targeting the iPhone X over Wi-Fi. They used a pair of bugs – a JIT vulnerability in the web browser followed by an Out-Of-Bounds write for the sandbox escape and escalation. The successful demonstration earned them $60,000 USD more and 10 additional Master of Pwn points. This ends their first day of competition with $140,000 USD and a commanding lead for the Master of Pwn with 31 points.

With the prize money and points awarded from the iPhone vulnerability along with other exploits shown off at the event, Zhu and Cama won the "Master of Pwn" title.

pwn2owntokyo
Apple has been informed of the vulnerability and will likely address it in an upcoming iOS update.

Top Rated Comments

tridley68 Avatar
tridley68
55 months ago
Hopefully Apple will snap them up so their talents can strengthen Apple's security
Score: 5 Votes (Like | Disagree)
Sasparilla Avatar
Sasparilla
55 months ago
This is an annual competition and while it seems bad on the surface, its actually good - all these exploits (which are out there and probably being used by others) will now get closed.

The more of this the better. The picture of the two heroes are awesome....so young, gotta be college or just out.

I'd love to see Apple put serious money out there for prizes to entice folks who might sell such things to bad actors or governments instead (there is such a market with big money involved).
Score: 5 Votes (Like | Disagree)
mmcneil Avatar
mmcneil
55 months ago
Love the white hats, congratulations to some serious and extremely young hackers. Great careers ahead for both!! Completely agree that Apple should participate in the bug bounty system to encourage the good guys!!!
Score: 2 Votes (Like | Disagree)
69Mustang Avatar
69Mustang
55 months ago
Hopefully Apple will snap them up so their talents can strengthen Apple's security
Why would they? pwn2own is an annual contest. there were vulnerabilities last year, there are vulnerabilities this year, and there will be vulnerabilities next year. Hiring the researchers who find them (vulns) is no guarantee they'll strengthen their security. They'd end up with a boatload of researchers and still have the systems exploited every year. Security is an ongoing exercise.
Score: 1 Votes (Like | Disagree)
PJivan Avatar
PJivan
55 months ago
The 3-letter agencies can not access our data. Ohh, wait...
0 days will always exist, the differences is that agencies keep them for themselves.
What you should expect from a company is to do their best to protect their customers. The bigger issues in today it world is that a chunk of companies found out that personal data is an extremely lucrative business, offering free service in exchange as trojan horses, now that is really concerning.
Score: 1 Votes (Like | Disagree)
Apple_Robert Avatar
Apple_Robert
55 months ago
Congrats to the White Hat hackers. A win for all involved.
Score: 1 Votes (Like | Disagree)
Read All Comments

Popular Stories

Multi Display CarPlay 1

Apple Launching All-New CarPlay Experience Later This Year With These 5 Features

Sunday January 29, 2023 10:15 am PST by
In June 2022, Apple previewed the next generation of CarPlay, promising deeper integration with vehicle functions like A/C and FM radio, support for multiple displays across the dashboard, personalization options, and more. Apple says the first vehicles with support for the next-generation CarPlay experience will be announced in late 2023, with committed automakers including Acura, Audi,...
Read Full Article
dewey airtag

Report Highlights Danger of Using AirTags for Tracking Dogs

Monday January 30, 2023 1:45 pm PST by
AirTags may be a convenient way for tracking dogs that might get off leash or otherwise lost, but there are dangers associated with the practice, as outlined by a report from The Wall Street Journal. At 1.26 inches in diameter, AirTags are able to fit easily on a dog's collar, but that size also makes the tracking devices small enough to swallow, at least for a medium to large-sized dog, and ...
Read Full Article82 comments
maxresdefault

Kuo: Apple to Release Foldable iPad With Carbon Fiber Kickstand in 2024

Monday January 30, 2023 12:55 am PST by
Apple will launch a foldable iPad with a carbon fiber kickstand sometime next year, according to analyst Ming-Chi Kuo. Subscribe to the MacRumors YouTube channel for more videos. In a series of tweets, Kuo said he expects an "all-new design foldable iPad" to be the next big product launch in the iPad lineup, with no other major iPad releases in the next nine to 12 months. The analyst said he...
Read Full Article214 comments
tim cook data privacy day

Apple Violated U.S. Labor Laws With Anti-Leak Email

Monday January 30, 2023 3:43 pm PST by
Apple violated United States labor laws when it sent out an email warning employees about leaking confidential information about the company, the National Labor Relations Board (NLRB) said today in a ruling shared by Bloomberg. Rules that Apple has established around leaks "tend to interfere with, restrain or coerce employees" from the exercise of their rights under the National Labor...
Read Full Article178 comments
top stories 28jan2023

Top Stories: iOS 16.3 Released, iPhone 15 Pro Rumors, macOS Tips and Tricks, and More

Saturday January 28, 2023 6:00 am PST by
Following last week's hardware announcements, this week saw the actual release of several of the new products as well as operating system updates bringing new features and bug fixes across Apple's platforms. This week also saw some fresh rumors about the iPhone 15 lineup and Apple's upcoming AR/VR headset, while we shared some tips to help you get the most of your macOS experience, so read...
Read Full Article19 comments
iphone 15 pro wifi 6e

Internal Apple Document From Leaker 'Unknownz21' Confirms Wi-Fi 6E Will Be Limited to iPhone 15 Pro Models

Friday January 27, 2023 10:01 am PST by
Multiple rumors have suggested that the next-generation iPhone 15 models will adopt the Wi-Fi 6E standard that Apple has already introduced in the iPad Pro and MacBook Pro, and now a leaked document appears to confirm Apple's plans. Sourced from researcher and Apple leaker Unknownz21 (@URedditor), the document features diagrams of the iPhone 15's antenna architecture. D8x refers to the...
Read Full Article232 comments
iPhone 14 Pro Purple Side Perspective Feature Purple

iPhone 15 Pro Rumored to Have These 8 Features

Friday January 27, 2023 2:11 pm PST by
Apple's next-generation iPhone 15 Pro and iPhone 15 Pro Max are expected to be announced in September as usual. Already, rumors suggest the devices will have at least eight exclusive features not available on the standard iPhone 15 and iPhone 15 Plus. An overview of the eight features rumored to be exclusive to iPhone 15 Pro models:A17 chip: iPhone 15 Pro models will be equipped with an A17...
Read Full Article