When Apple released iOS 9.1 last month, it closed an exploit that was used in the development of the most recent jailbreak software. As with every new iOS release, users were forced to choose whether they wanted to upgrade to the latest version of the operating system or stay on a slightly outdated version in order to preserve their jailbreak.
While that hasn’t changed today, a new bit of information from Zerodium has revealed that it is possible to jailbreak iOS 9.1—and the new iOS 9.2 beta—without even needing to plug it into a computer.
Tweet: https://twitter.com/Zerodium/status/661240316331069443
Browser-based jailbreaks have been a thing of the past for several years now, but Zerodium says it has awarded a $1 million bounty to one team of developers who managed to put together a new hack for modern iOS versions. Unfortunately, it’s not expected that users will ever benefit from this specific discovery. Zerodium is in the business of buying exploits, not releasing jailbreaks, and after spending $1 million on this one, it’s not likely they’d release it to the public.
So while the developers who discovered this particular trick probably won’t be pushing out a 9.1 jailbreak anytime soon, users can at least rest assured that it is possible to create a JailbreakMe.com-style jailbreak for today’s software. Whether anyone will put this type of exploit to use is yet to be seen.
Wow… Browser based jailbreak. That takes me wayyyy back
“Slide to jailbreak” *stares fondly into the distance*
FBI/NSA…and British Governments are drooling
Apple has to buy this guy. I don’t want to have an OS with this kind of 0day being sold for 1 million.
If you “rest assured” in the fact that your phone’s entire security model can be compromised from visiting a rogue website, then you might be a complete moron.
If you can’t spot the fact that your phone is installing software and changing things without your permission, you might also be a complete moron.
Are you trying to be ironic? Or do you genuinely not see the difference between software installing automatically from trusted sources (oh, and let’s not forget “changing ‘things’”) and a browser executing a payload that can compromise your entire system without your consent? One is par for the course for modern software distribution, the other is a gaping security hole.
My point is that if the iOS browser was executing a payload that can compromise your entire system without your consent, you would see it happening. It won’t just start running something in the background without your permission. There are reboots and other extremely noticeable steps involved in these types of exploits. A person would see it happening.
Mike:
You are sadly mistaken. Such a compromise could be installed completely automatically, remotely, silently, and in the background.
There would be absolutely nothing for the user to see, unless the user can see a few thousand bytes of code get added to the running kernel.
But is it true? Or is it just a method to build press?
A million is a lot of cash to give away. Let’s assume that if they sell this exploit, they’ll charge a smooth 10 million. After all, they need to comfortably cover their risks and costs.
God, I remember there being one of these in the good old iOS 4 days… although this does show the danger of websites nowadays, imagine anyone getting root access to your device with a website… pretty cool to have for jailbreak, but scary possibilities.
iPhone OS 1.1.2. That was mindblowing when somebody managed to do the first web-based jailbreak back then!
A million is a lot of cash to give away. Let’s assume that if they sell this exploit, they’ll charge a smooth 5-10 million. After all, they need to comfortably cover their risks and costs.
This is a lot of money even for a large firm. This will likely be sold to organized crime or a foreign government. I’d expect all to be revealed by a government accusing them of trafficking with organized crime.
That’s one way. One other way would be to sell the expertise, “look, we know all the latest zero days”. One million is a lot, but it’s not that much money in marketing terms. Or in terms of r&d.
If someone figured it out for a million, someone else will figure out how to screw Zerodium. If no one does, it’s probably BS.
They have an exploit that exists in the user land that has already been packaged and can be deployed via web? Did they actually disclose this to you or is this an extrapolation? I know there were 3 bounties. Were they all filled by the same analyst with 3 different exploits? Or is this just an expiration date issue? I would like to report on this but can’t until I find out if you have confirmed with Zerodium that all of their demands were met.
If you are just going by the tweet… that’s cool too. But actually Zerodium claiming they have a comex-esque remote solution is a bold statement.
I couldn’t propagate that without a demo. These guys are an exploit broker, not a process creator.
Save it for 9.2.1 please…