Zerodium, which had announced to pay $1 million USD to those
that could provide a good iOS 9 jailbreak, finally made it public via
twitter that some hackers have won $1 million by finding a remote jailbreak of
an iPhone.
“Our iOS #0day bounty has expired & we have one winning
team who made a remote browser-based iOS 9.1/9.2b #jailbreak (untethered).
Congrats!,” Zerodium tweeted on November 2.
Last month, the company launched "The Million Dollar
iOS 9 Bug Bounty" program which aimed to buy an "exclusive,
browser-based, and untethered jailbreak" for Apple's latest mobile
operating system,
However, the company has not revealed the winner names or
any further details.
A news published in Forbes Magazine, reported that the
winners must have spent a significant amount of time trying to meet the tough
requirements of the $1 million bounty: a remote attack that successfully took
control of an iPhone via either Apple’s Safari browser, Google GOOGL +0.13%
competitor Chrome or a text message. The $1 million bounty also required
exploits work on the iPhone 6 or 6S, not any earlier models.
As per the news report, it had contacted the Zerodium’s
founder, Chaouki Bekrar, however, he had not commented on it.
“The winning team has submitted the exploits just a few
hours before the expiration of the Zerodium bounty as they have been working
very hard to finish and polish the code until the last day. The exploit chain
includes a number of vulnerabilities affecting both Google Chrome browser and
iOS, and bypassing almost all mitigations in place. The exploit is still being
extensively tested by Zerodium to understand each of the underlying
vulnerabilities,” the founder added.