An anonymous hacker group has remotely jailbroken a new iPhone running iOS 9.1, winning themselves a cool $1 million from startup Zerodium (self-described as a "premium exploit acquisition platform"). The winnings are pending final verification of the exploit, but results at this stage look good.
To put the difficulty of this feat in context: a chain of zero-day bugs needed to be found, the hack needed to be remote (much more difficult -- Chinese hacking team Pangu already hacked the new iPhone, but couldn't do it remotely) and made through Safari, Chrome, or a text or multimedia message, and full system access needed to be obtained. An iPhone has not been remotely jailbroken for over a year, since iOS 7. Zerodium says Apple will likely patch these bugs "in a few weeks to a few months".
The winning team was one of two to take on the challenge. Both found themselves stuck, but eventually one found a way via Chrome and iOS, just a few hours before the challenge was to end.
Independent security researcher Jonathan Zdziarski, who has researched Apple devices for quite some time now, is skeptical the group will actually be paid, saying, "Finding a suitable exploit isn't shocking...seeing them actually pay out will be. I'm not sure anyone really believes it until they see it. But props if they do."
Concerningly, as part of its business model, Zerodium won't offer the results to anyone but government clientele like the NSA and FBI, which would very much like to make use of it for spying purposes.