Browser-Based iOS 9.1/9.2 Jailbreak Wins $1M Bounty, Will Be Sold for Corporate and Government Use

MacRumors

macrumors bot
Original poster
Apr 12, 2001
49,155
10,513



Earlier this month, exploit acquisition platform Zerodium debuted an iOS 9 bug bounty that would pay out up to three million dollars to hackers who managed to develop a browser-based untethered jailbreak for iOS 9, which it could then sell to clients interested in shelling out a lot of money to gain illicit access to iOS devices.

The contest expired at the end of October, and Zerodium today announced one hacking team had successfully created a browser-based jailbreak for iOS 9.1 and iOS 9.2, the latest versions of iOS 9, earning $1 million.

Zerodium foundar Chaouki Bekrar told Wired that the exploit developed by the hackers will be given to its customers, which include major technology, finance, and defense corporations, along with government agencies. The contest rules required the exploit to be achievable remotely without requiring user interaction beyond reading a text message or visiting a website via Chrome or Safari on an iOS device.
Bekrar confirmed that Zerodium plans to reveal the technical details of the technique to its customers, whom the company has described as "major corporations in defense, technology, and finance" seeking zero-day attack protection as well as "government organizations in need of specific and tailored cybersecurity capabilities."
Because it's selling the jailbreak ("likely" to U.S. customers only), Zerodium does not plan to report the vulnerabilities in the operating system to Apple, though Bekrar says the company may share the details at a later date. The jailbreak also won't be provided to the general public, but Bekrar says Zerodium announced the results of the contest to remind people that while iOS security is "very hardened," it's not unbreakable.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Browser-Based iOS 9.1/9.2 Jailbreak Wins $1M Bounty, Will Be Sold for Corporate and Government Use
 

locoboi187

macrumors 6502a
Oct 3, 2012
647
234
This is very very bad. This is going to be abused by either our government or another malicious party. For example, all one would need to do is inject the exploit in an unencrypted WiFi to gain complete control over a phone since this is a browser based hack.
 

agsystems

macrumors 65816
Aug 1, 2013
1,031
913
So use your TouchID, 6 digit, or alphanumeric passcodes and this root will not be able to be executed against you.
From the technical side, I am interested on how this was done - a browser based exploit escape the sandbox and was able to execute as root - sounds like a great accomplishment - god blessed whoever they will target with this.
 

KALLT

macrumors 603
Sep 23, 2008
5,141
3,189
Folks, this is just a jailbreak, it's neither illegal, nor can it be applied to a phone whose owner doesn't want it, just like all the other jailbreaks over the years.
The contest rules required the exploit to be achievable remotely without requiring user interaction beyond reading a text message or visiting a website via Chrome or Safari on an iOS device.
What do you think a jailbreak is? It's just a fancy name for an exploit that you want to use. If applied against your will or without your knowledge it is simply malware.
 

parapup

macrumors 65816
Oct 31, 2006
1,291
49
Folks, this is just a jailbreak, it's neither illegal, nor can it be applied to a phone whose owner doesn't want it, just like all the other jailbreaks over the years.
Umm no - if the below quote doesn't make it clear, I am not sure what will -

Bekrar confirmed that Zerodium plans to reveal the technical details of the technique to its customers, whom the company has described as "major corporations in defense, technology, and finance" seeking zero-day attack protection as well as "government organizations in need of specific and tailored cybersecurity capabilities."
Jailbreaks aren't magic fairy dust that only do their magic when you want them to - they are plain old root exploits that anyone can use against you without your knowledge - compromised ad servers, websites etc can install software without you knowing - just by visiting the wrong site / URL, knowingly or unknowingly.
 
Last edited:

Trik

macrumors 6502
Jan 18, 2011
322
754
Washington, DC
I think there is some confusion about what a jailbreak is... "jailbreaking" your phone IS something you can choose to do for sure, but it is also the method by which hackers will use to get at the information on your phone or install malicious code to monitor your usage after the fact. This is an untethered jailbreak that runs via a URL. So an email with a short URL can jailbreak your phone, and you wouldn't even know it happened unless you're constantly looking for that sort of thing.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.