zerodium bounty

Vulnerability and exploit acquisition platform Zerodium announced today that the million dollar bounty it had put together has expired, noting that a team of researchers has won the prize. Launched in September of this year, the bounty program aimed at rewarding anyone who would come forward with an “exclusive, browser-based, and untethered jailbreak for the latest Apple iOS 9 operating system and devices.”

It looks like they have their winners, as a team who made a remote browser-based iOS 9.1 and iOS 9.2 beta untethered jailbreak has apparently come forward. But don’t get your hopes too high.

Zerodium is a company that acquires zero-day exploits from security researchers in order to sell them to high-paying customers, those customers usually being corporations or governments. Even if the news is indeed true, that exploit will not make its way to a jailbreak that could be available for people like you and me. If anything, this could be used by government agencies to hack into targets’ iPhones in order to retrieve information.

In essence, this is a one million dollar jailbreak you can’t have! I must say I am a bit skeptical about all this, but maybe I’m just too cynical. It is very unlikely Zerodium will disclose additional details about this, so we’ll just have to take their word for it.

Thanks PJ for the tip!

  • techfreak23

    JailbreakMe all over again! Where is Pangu or Taig on this one…?

    • Manuel Molina

      Jailbreakme was so beast. Comex is missed dearly.

    • I miss the days of walking into a cellphone store and jailbreaking all their iPhones… haha

  • Merman123

    Apple security team had this as homework lol

  • Quite worrying. The original bounty said that they were looking for an exploit that can gain complete control over the device through the Internet browser without the user’s knowledge. Isn’t this more similar to malware and other privacy invasive attacks? As stated in the article, the fact that they now have one on their hands means that potentially they will sell it on to certain agencies to remotely access people’s devices without their permission.

    Oh, and they’ll probably sell it for much more than the $1 million that they offered to whoever discovered the exploit.

  • XZavier

    I think it would be better if Pangu or Taig didn’t do this, in fact Pangu is avoiding it, because of how dangerous/risky of a jailbreak it is :

    • socrates

      How is a 9.1 jailbreak risky? They jailbroke 9.0-9.0.2 fine, despite a couple boot loops. I’m curious.

      • XZavier

        Do you mean a jailbreak in general? Because that would be fine, but this specific type of jailbreak in this article is dangerous, because all anyone would have to do is send you a link and they could hack into your phone.

      • socrates

        Ah, I did not understand that you were focusing on the /type/ of jailbreak. That is worthy of risk.

      • (JailbreakQA) King Shoot

        That’s why you install a patch after the jailbreak to close that vulnerability.

        For example, after jailbreaking 4.3.3, users were advised to install PDF Patch, which, ironically, closes the same hole that allowed you to jailbreak in the first place.

  • The Guy

    The funny part is that people really don’t understand how simple exploits like these are and dangerous… a good friend of mine has been able to do exactly this on every iOS version that has come out but he explains that he will never make it available because of how insecure it is. Nothing is impenetrable. Hint of how this works to fellow hacks, the way out is the way in. 🙂

    • f96lrs

      yea right

    • askep3

      So he can jailbreak his own phone? Is he able to install Cydia?

    • Dan

      Pretty ethical of him, not being swayed by a million dollars and all.

  • Arjan Vlek

    Saurik could buy it and release it for the community for a small price ($10 / user). 100.000 installs and he has the money back!

    • Bugs Bunnay

      So damn true

    • askep3

      Kinda like an elite jailbreak

    • The problem is that people wouldn’t pay for it. Some would, but I bet most people would just wait to download a pirated version of the installer or try to find the link on their own without paying. And I think even Saurik himself has spoken out against a paid jailbreak.

  • askep3

    So technically the only way to stay safe is to jailbreak yourself and change the ssh root password right?

  • Focus3d

    I didn’t know about this until now and I wish I still didn’t know. If it’s not available to the public, like myself, I don’t care. Sure, it’d be great if current computer-based programs made by Pangu or Taig made a browser based jailbreak, but that is big bucks and personally I don’t see it happening for years and even then it wouldn’t be worth it. JailbreakMe is perfect for devices running the software it can jailbreak, but most of us have a recent release of a device that doesn’t run that software, especially since it is, what, like 6 years old now? Either way, I don’t think Pangu or Taig Devs would want to do this no matter how easy this would be.

    • Justin Bates

      It has nothing to do with the ease and the money. It’s all about the security of the jailbreak. A remote, browser based jailbreak is a horrendous idea for the security of your device and personal information

  • well this is all good news for them but how do we block the exploit lol.

    • Unfortunately we can’t. Since it’s a zero-day exploit, it means that no-one else in the world other than the discoverer knows how it works and how to execute it. Unless they release the full details (unlikely) or someone else manages to discover the same exact exploit (slightly more likely), its inner workings won’t ever be known.

  • Sparta

    Now what if Apple finds it and blocks it, or maybe a month later Apple releases a patch. Zerodium money will be lost 😀

  • Ray Blakemore

    Apple will be the company buying this jailbreak

  • OnlyTruth

    Browser based jailbreak?
    Does this mean that they can install it even on icloud blocked devices?

    • (JailbreakQA) King Shoot

      Sure, if you can bypass the activation screen first. Though it wouldn’t be much of a help if you jailbroke, you still need to activate using the Apple ID and password.

  • NotTodayThx

    for all the ppl that are shocked or etc, this is an exploit that will primarily be used against ‘state actors’ by the likes of the NSA, the problem arises when they start using these sploits to get info on innocent citizens,
    make no mistake about it, the US wants you to have NO privacy,
    oh and for anyone in any doubt, this exploit allows access to the vics iPhone thru a browser, it will have full fs access and the user of the phone won’t even know anyone’s been in.

  • Mohammed Khaled

    Man I am worried that this would be bought by government and wouldn’t be ever given to Apple to patch it out. And govts. would be using this to spy on us iOS users.

    • NotTodayThx

      the US .GOV and its agencies have access to your life with Apple assistance regardless of what you see on the controlled media. plus they have certificate authorities etc etc etc
      unless you are actively exercising your privacy rights using encryption, tor, pgp etc, everything is wide open. every app on the appstore for privacy is hobbled, and they just passed a sneaky version of cispa under another name, which makes it law that any company/entity must collect and give any data requested,

      • Mohammed Khaled

        then why would govt ask apple to build backdoors in ios and other platform like in the UK or USA?

  • Apple: “Oh shit”

  • Rahimo

    Sounds promising !!

  • David Donovan

    browser-based, beast.

  • Gabriel Diaz

    Is it bad that I’m still hopeful for a public 9.1 jailbreak??! I BELIEVE!