A hacking team has managed to walk away with a $1 million prize after providing a notorious zero-day exploit to Zerodium, a firm that specializes in acquiring zero-day exploits from around the world.
According to the firm, the team that won the bounty had entered the competition just hours before the Oct. 31 deadline. To get the hefty bounty, the team found vulnerabilities in Google's Chrome web browser and in Apple's iOS 9, the latest operating system for its iOS line of mobile devices.
The vulnerability could allow anyone to gain access to and jailbreak an iPhone or iPad running iOS 9 remotely. Apple should be concerned since Zerodium now has all rights to this exploit, which could accidentally end up in the wrong hands.
Just last month, Zerodium challenged hackers to come up with methods to remotely jailbreak iPhones and iPads powered by Apple's latest iOS 9. The rule was simple: find the exploit by using the Google Chrome web browser or Apple's Safari, or even a text message or multimedia message.
Such an exploit could allow attackers to remotely install dangerous apps on a device, posing some serious security risks.
"Making the jailbreak remotely triggerable via Safari or Chrome requires at least two to three additional exploits compared to a local jailbreak," Zerodium explained in a message to Motherboard.
Zerodium did not disclose the identity of the millionaire team or the exact vulnerabilities targeted by the exploit, for fear that the wrong people might get hold of the hack. It is quite possible Zerodium might sell the exploit, but it remains to be seen if, when and to whom it will sell it.
The competition began in September when Zerodium made the announcement. The plan was to give away up to $3 million to security researchers and jailbreak developers who could perform the tasks required. Each team or individual could only walk away with $1 million, and from what we can tell, only one team was smart enough to break the ice.