Apple’s iOS devices are generally pretty secure and difficult to hack into, so bug bounty company Zerodium put its money where its mouth is and offered hackers a $1 million reward if they could find a remote way to jailbreak iOS 9.1 untethered via the web browser. As luck (or insane skill) would have it, one group pulled it off and managed to claim the reward.
In order for people to participate in the bounty, Zerodium required the exploit to use either Safari/Chrome or a text message. With the jailbreak put in place remotely, Zerodium also wanted full device privileges, allowing them to do whatever they wanted once they found their way in.
The last time a remote jailbreak was pulled off, it was done with iOS 7. Additionally, it wasn’t a reliable exploit, as it depended on many other factors to actually work. Zerodium announced that its bounty reward period has expired and revealed that only one team managed to remotely jailbreak iOS 9.1, though identities are being kept anonymous.
The reward for the hack was huge, and now Zerodium could potentially sell it off to an even bigger company in order to turn a profit, which would be a pretty awful way for things to go and would pose a major security risk. However, one would hope that Apple figures this all out and fixes whatever security hole is there before the exploit is shown off to more people.
KitGuru Says: This is a bit of a controversial one as Zerodium has essentially spent a hefty amount of cash to develop an exploit that would allow them to remotely take over iOS 9.1 devices and install any app they wanted. This also means that there is a security hole in Apple’s system that needs to be patched, so hopefully Apple’s own team can figure this one out and patch it up before the exploit gets released or passed around any more.