Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

iPhone jailbreak sees hackers claim $1 million reward

Compared to its Android and Windows counterparts, Apple software is notoriously tough to hack.

A staggering $1 million bounty has been paid out to a team of hackers that cracked Apple’s latest iOS version.

The bounty required the hackers to perform a remote jailbreak – that means no physical access to the device – which is an impressive feat.

More astonishing still is that the exploit was zero-day, which means that the security hole was not publicly known.

The challenge, offered by cybersecurity start-up Zerodium, required hackers to remotely jailbreak a new iPhone or iPad running iOS 9.1/9.2b.

To win the prize, hackers needed to instigate a full jailbreak, which lets an individual install any app with full privileges.

According to the terms, the exploit would need to be routed remotely though either the Safari or Chrome web browser or, alternatively, a text message.

“Making the jailbreak remotely triggerable via Safari or Chrome requires at least two to three additional exploits compared to a local jailbreak,” explains Chaouki Bekrar, Zerodium founder, as reported by Motherboard.

The winning team has not yet been identified, although we do know that at least two groups were attempting to bag the bounty.

Two teams have been actively working on the challenge but only one has made a full and remote jailbreak,” reveals Bekrar.

He adds: “The other team made a partial jailbreak and they may qualify for a partial bounty.”

According to Bekrar, the winning team submitted the exploits “just a few hours” before the bounty expired.

The winning team reportedly found a “number of vulnerabilities” in Google’s Chrome browser and Apple’s iOS.

Zerodium is a for-profit enterprise, and will now sell on the secrets to any number of clients.

These customers are described as “major corporations in defense, technology, and finance”, and “government organisations in need of specific and tailored cybersecurity capabilities”.

Related: iPhone 6S vs iPhone 6

Bekrar also confirmed that Zerodium won’t immediately report the exploit to Apple.

However, he did state that he believes the challenge is a big publicity boost for Apple.

“This challenge is one of the best advertisements for Apple as it has confirmed once again that iOS security is real and not just about marketing,” he explains.

Bekrar continues: “No software other than iOS really deserves such a high bug bounty.”

Check out our iOS 9 features video guide below:

Why trust our journalism?

Founded in 2003, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.