Security Researchers Use Wi-Fi and Safari Exploits to Breach iPhone 7 at Annual Mobile Pwn2Own Contest

by

Trend Micro's annual Mobile Pwn2Own contest took place in Tokyo, Japan today at the PacSec security conference, and security researchers spent the day attempting to hack into the iPhone 7, the Samsung Galaxy S8, the Google Pixel, and the Huawei Mate 9 Pro in an effort to win prizes totaling more than $500,000.


Apple's iPhone 7, running iOS 11.1, the latest version of the iOS 11 operating system, was successfully breached twice by Tencent Keen Security Lab. The first hack targeted a Wi-Fi bug and won the team $110,000 and 11 Master of Pwn points, while the second hack targeted the Safari Browser and earned Tencent Keen Security Lab $45,000 and 12 Master of Pwn points.

They used a total of four bugs to gain code execution and escalate privileges to allow their rogue application to persist through a reboot. They earned $60,000 for the WiFi exploit and added $50,000 for the persistence bonus - a total of $110,000 and 11 Master of Pwn points.

Tencent Keen Security Lab was on the clock once more as they targeted the Safari Browser on the Apple iPhone 7. It took them just a few seconds to successfully demonstrate their exploit, which needed only two bugs - one in the browser and one in a system service to allow their rogue app to persist through a reboot. As the second finisher in the Browser category, they earned half of the cash award at $45,000, but still earned the full 13 Master of Pwn points.

Security researcher Richard Zhu was also able to leverage two bugs to exploit the Safari browser and escape the sandbox to successfully run code on the iPhone 7, earning him $25,000 and 10 Master of Pwn points.

Along with the iPhone 7, researchers were able to find exploits for the Samsung Galaxy S8 and the Huawei Mate 9 Pro, earning a total of $350,000.

Trend Micro hosts Pwn2Own in an effort to promote its Zero Day Initiative, designed to reward security researchers for disclosing major vulnerabilities to tech companies like Apple and Google.

Pwn2Own continues on through tomorrow, so additional exploits may be uncovered. Apple representatives have been known to attend Pwn2Own competitions in past years, and all vulnerabilities discovered are disclosed to Apple. The company then has 90 days to produce patches for all iOS-related bugs before they're publicly disclosed.

Tag: Pwn2Own

Popular Stories

iOS 18

iOS 18.4 Coming Next Week With These New Features for Your iPhone

Friday February 14, 2025 6:18 am PST by
The first iOS 18.4 beta for iPhones should be just around the corner, and the update is expected to include many new features and changes. Bloomberg's Mark Gurman expects the iOS 18.4 beta to be released by next week. Below, we outline what to expect from iOS 18.4 so far. Apple Intelligence for Siri Siri is expected to get several enhancements powered by Apple Intelligence on iOS...
Read Full Article
iPhone 17 Roundup Feature 2

iPhone Design to Change 'Significantly' This Year

Monday February 17, 2025 7:09 am PST by
Apple is set to "significantly change" the iPhone's design language later this year, according to a Weibo leaker. In a new post, the user known "Digital Chat Station" said that the iPhone's design is "starting to change significantly" this year. The "iPhone 17 Air" reportedly features a "horizontal, bar-shaped" design on the rear, likely referring to an elongated camera bump. On the other...
Read Full Article238 comments
apple launch feb 2025 alt

What to Expect From the 'Apple Launch' Next Week

Thursday February 13, 2025 11:48 am PST by
Apple has yet to announce any new devices this year, but that could change starting next week. Apple CEO Tim Cook today said to "get ready" for a "launch" on Wednesday, February 19. "Get ready to meet the newest member of the family," said Cook, in a social media post. The post includes an #AppleLaunch hashtag, along with a short video featuring an animated Apple logo inside of a circle....
Read Full Article83 comments
Apple Maps 2024

Apple Maps Might Start Showing Ads

Sunday February 16, 2025 7:22 am PST by
Apple is "exploring" the idea of showing search ads in the Apple Maps app, according to Bloomberg's Mark Gurman. Back in 2022, Gurman said software engineering was "already underway" to display ads in the Apple Maps app, but Apple did not move forward with the idea at the time. Today, he said Apple is "giving this notion more thought" again. This time around, he said Apple has yet to...
Read Full Article441 comments
Tim Cook Apple Park

10+ Announcements Apple Could Have Rolled Into a February Event

Saturday February 15, 2025 8:00 am PST by
Apple appears to have enough upcoming product announcements to justify a full event this month, yet all signs indicate these reveals will be handled through a series of press releases instead. There are a multitude of rumors from reliable sources about specific announcements in the coming weeks, so here's everything that Apple could have feasibly included in a hypothetical February event: ...
Read Full Article93 comments
iPhone 17 Pro Render Front Page Tech

iPhone 17 Pro With All-New Camera Bar Design Allegedly Revealed

Thursday February 13, 2025 5:49 pm PST by
Apple's next-generation iPhone 17 Pro will feature three rear cameras arranged in a familiar triangular layout, but the cameras will be housed in an all-new rectangular camera bar with rounded corners, according to YouTube channel Front Page Tech. iPhone 17 Pro camera design render created by Asher for Front Page Tech In a video uploaded today, Front Page Tech host Jon Prosser said the camera ...
Read Full Article273 comments
m2 pro mac mini

Apple is Now Selling a Refurbished Mac Mini for Just $319 (!)

Saturday February 15, 2025 9:58 am PST by
A few days ago, we reported that Apple's refurbished Mac mini pricing had a problem, and it appears that Apple has taken note. Apple was offering a refurbished Mac mini with the M2 chip, 16GB of RAM, and 256GB of storage for $559, which was $50 more than a refurbished Mac mini with the M4 chip, 16GB of RAM, and 256GB of storage. All other key specifications were equal. That's no longer...
Read Full Article166 comments
iPhone SE 4 Thumb 1

Apple's Next iPhone SE Launching on Wednesday - Here's What We Know

Friday February 14, 2025 4:04 pm PST by
Apple CEO Tim Cook teased an Apple announcement that's coming on Wednesday, February 19, and it's looking like that mystery announcement will be the next-generation iPhone SE. We've been hearing about the iPhone SE 4 for quite some time now, and we essentially know everything to expect. If you want a sneak peek at what's coming, read on. Naming Apple first introduced the iPhone SE in...
Read Full Article171 comments

Top Rated Comments

btrach144 Avatar
btrach144
95 months ago
Would these security researches tell Tim cook that getting rid of touch ID was retarded?
This has nothing to do with FaceID or TouchID. Please remain relevant.
Score: 42 Votes (Like | Disagree)
SoApple Avatar
SoApple
95 months ago
Would these security researches tell Tim cook that getting rid of touch ID was retarded?
What an irrelavant and pointless comment.

On a more relevant note. This exploit has been fixed in the new update.
Score: 26 Votes (Like | Disagree)
dannyyankou Avatar
dannyyankou
95 months ago
These contests are great. They give good incentives to find security exploits, and they end up getting patched by Apple.
Score: 19 Votes (Like | Disagree)
Slix Avatar
Slix
95 months ago
The real question is: Will their exploits they found affect my iPod touch running iOS 6.1.6?

:P
Score: 14 Votes (Like | Disagree)
Aloft085 Avatar
Aloft085
95 months ago
FBI joke in 3-2-1....
No need, the FBI is the joke.
Score: 10 Votes (Like | Disagree)
WatchFromAfar Avatar
WatchFromAfar
95 months ago
On a more relevant note. This exploit has been fixed in the new update.
Has it? the post says "Apple's iPhone 7, running iOS 11.1, the latest version of the iOS 11 operating system" which came out yesterday.
Score: 10 Votes (Like | Disagree)
Read All Comments