Unnamed hacking team picks up $1m prize for iOS 9 zero-day
Zerodium says exploit takes advantage of 'a number of' vulnerabilities in Chrome and iOS 9
An unnamed hacking team has claimed a $1m prize for finding a remote exploit for the latest version of Apple's mobile operating system, iOS 9.
The prize was handed out by Zerodium, which describes itself as a premium exploit platform. It provides clients - large corporations and governments - with exclusive exploits for various pieces of software. Earlier in the year, the company came to prominence with the announcement of a $1m prize for anyone who could provide it with an exclusive zero-day exploit for iOS 9.
The prize was claimed within hours of the competition deadline, the company said in an announcement. The criteria of the assignment was that the exploit had to deliver an "exclusive, browser-based, and untethered jailbreak". Zerodium also said that it wanted the exploit to offer the "remote, privileged, and persistent installation of an arbitrary app" on an updated iOS 9 device, following a visit to a malicious web page in Safari or Chrome, or through a link in an SMS message.
Pangu, a Chinese research team, has already jailbroken iOS 9, but that team's jailbreak is publicly available, and cannot be carried out remotely.
The team that will be picking up the Zerodium bounty, however, found a way to remotely jailbreak devices running iOS 9 through "a number of vulnerabilities" in both Chrome and iOS 9.
Naturally, according to Zerodium's business plan, the vulnerability will not be made public, and will instead be offered to the company's customers.