A team of hackers has just won a $1 million bounty for remotely jailbreaking an iPhone running iOS 9, Apple's newest mobile operating system, which security researchers regard as secure and difficult to hack.
The reward was given by Zerodium last month. This startup is renowned for discovering, buying and selling zero-days. For those who still don't know what zero-days are, these are new vulnerabilities which have not yet been fixed.
Zerodium has made the announcement via Twitter.
In September, the firm put up a challenge for "an exclusive, browser-based and untethered jailbreak for the latest Apple iOS 9 operating system and devices." The challenge was set to lapse on Oct. 31.
Chaouki Bekrar, the founder of Zerodium and a notable zero-day hunter, says that two competing teams have presented their entries. However, only one of these two teams has successfully carried out a "remote and full browser-based" jailbreak for Apple's newest iOS versions, iOS 9.1 and 9.2.
"The other team has a partial jailbreak and they may qualify for a partial reward (still under discussion)," says Bekrar.
The company, though, does not go into details as to who the winners of the challenge are or how much it plans to sell the discovery for.
Zerodium and its predecessor VUPEN have a unique business model. Rather than selling exploits to tech companies so that the vulnerabilities get patched, they keep these flaws confidential and disclose them only to their government clients, which include the NSA.
Bekrar says that the challenge Zerodium set is one of the best advertisements for the Cupertino-based company's mobile OS, as it substantiates once again that iOS security isn't just about marketing; it is real.
"No software other than iOS really deserves such a high bug bounty," claims Bekrar.
Meanwhile, Patrick Wardle, Synack's director of research, says that Apple's OS is not necessarily more bug-free than other OSs. In fact, he says, with every new release, Apple fixes a bunch of security problems.