Browser-based Untethered iOS 9.1 Jailbreak wins $1 million bounty; won’t be released to the public

Zerodium iOS 9.1 jailbreak

ZERODIUM, a premium zero-day acquisition platform, had announced a $1 million dollar bounty for an untethered browser-based jailbreak for iOS 9 immediately after the iOS software update was released.

Zerodium today announced that a hacking team has created a browser-based jailbreak for iOS 9.1, the latest software update, to win the $1 million bounty. The jailbreak also works on iOS 9.2, which has currently been seeded to developers. Apple had patched two vulnerabilities in iOS 9.1 used by the Pangu Jailbreak.

It is quite an incredible achievement as browser-based exploit is considered extremely difficult. They are also the easiest ways to jailbreak iPhone, iPad or iPod touch. The last browser-based jailbreak for iOS devices was JailbreakMe that was released back in 2011 by comex, a well-known hacker.

Zerodium will be providing the iOS 9.1/iOS 9.2 jailbreak to “customers, whom the company has described as major corporations in defense, technology, and finance seeking zero-day attack protection as well as government organizations in need of specific and tailored cybersecurity capabilities.” The company doesn’t plan to release it to the public, nor does it plan to reveal the vulnerabilities to Apple, though Zerodium founder Chaouki Bekrar said that they might share the details in the future.

It is disappointing that the iOS 9.1 jailbreak that won the $1 million prize money won’t be released to the public, but silver lining from the news is that iOS 9.1/iOS 9.2 can be jailbroken. It remains to be seen if Pangu team or other jailbreak teams can discover the exploits in iOS 9.1/iOS 9.2.

We’ll let you know as soon as we’ve any further updates about the iOS 9 jailbreak. Don’t forget to join our Facebook Fan pagefollow us on Twitteradd us to your circles on Google+subscribe to our RSS feed, our Daily Newsletter or subscribe to our all-new push notifications on your Mac in Safari for the latest updates.

[via Wired]