Analecta Cyber Company Blog: Team claims $1 million prize for remotely jailbreaking iOS 9.1 and 9.2

2015-11-13

Team claims $1 million prize for remotely jailbreaking iOS 9.1 and 9.2

Back in September, the startup company Zerodium, which calls itself the top “zero-day vulnerability and exploit acquisition program,” offered a huge prize for anyone who could create and submit to them an exclusive, browser-based and untethered jailbreak for the latest Apple iOS 9 (iOS 9.1 and the 9.2 beta) operating system and devices. The potential haul: $1 million.

The company’s founder recently confirmed that an anonymous team has claimed that million-dollar bounty just hours before the contest deadline.

The task was made exceedingly complicated by the requirement that the hack go through the Safari or Chrome web browsers, or through an SMS or MMS message. To do this, someone has to find out a new string of bugs never used before.

Details of technique not released

Zerodium refused to present any information as to how the winning team was able to break the software but said it was through a combination of Chrome and iOS vulnerabilities.

It was reported that the U.S. National Security Agency is one of the parties looking to acquire the winning technique. And if the NSA gets a hold of that process, that could mean the agency will be able to get around the security protection of Apple’s latest devices and interfere with a device at will.

However, it is expected that, Apple, being currently the most secure mobile operating system and currently the most complex when it comes to its system protection, will immediately patch the system’s vulnerabilities.