Richard Zhu and Amat Cama, two white hat hackers, recently teamed up at the Mobile Pwn2Own contest in Tokyo and ended up earning a $60,000 prize after finding an iPhone exploit, according to a blog post on the Zero Day Initiative website.


The duo used a Safari weakness on an iPhone X running iOS 12.1 to retrieve a photo that had recently been deleted from the device. The hackers used a malicious Wi-Fi access point to exploit a just-in-time (JIT) compiler vulnerability.


The exploit the two hackers discovered can also be used to access additional files beyond deleted photos; the deleted photo just happened to be the first file the two came across and so it was used as a demonstration.

Next up, Amat and Richard returned to the Short Distance category. This time, they were targeting the iPhone X over Wi-Fi. They used a pair of bugs – a JIT vulnerability in the web browser followed by an Out-Of-Bounds write for the sandbox escape and escalation. The successful demonstration earned them $60,000 USD more and 10 additional Master of Pwn points. This ends their first day of competition with $140,000 USD and a commanding lead for the Master of Pwn with 31 points.

With the prize money and points awarded from the iPhone vulnerability along with other exploits shown off at the event, Zhu and Cama won the "Master of Pwn" title.

pwn2owntokyo
Apple has been informed of the vulnerability and will likely address it in an upcoming iOS update.

Top Rated Comments

tridley68 Avatar
83 months ago
Hopefully Apple will snap them up so their talents can strengthen Apple's security
Score: 5 Votes (Like | Disagree)
Sasparilla Avatar
83 months ago
This is an annual competition and while it seems bad on the surface, its actually good - all these exploits (which are out there and probably being used by others) will now get closed.

The more of this the better. The picture of the two heroes are awesome....so young, gotta be college or just out.

I'd love to see Apple put serious money out there for prizes to entice folks who might sell such things to bad actors or governments instead (there is such a market with big money involved).
Score: 5 Votes (Like | Disagree)
mmcneil Avatar
83 months ago
Love the white hats, congratulations to some serious and extremely young hackers. Great careers ahead for both!! Completely agree that Apple should participate in the bug bounty system to encourage the good guys!!!
Score: 2 Votes (Like | Disagree)
69Mustang Avatar
83 months ago
Hopefully Apple will snap them up so their talents can strengthen Apple's security
Why would they? pwn2own is an annual contest. there were vulnerabilities last year, there are vulnerabilities this year, and there will be vulnerabilities next year. Hiring the researchers who find them (vulns) is no guarantee they'll strengthen their security. They'd end up with a boatload of researchers and still have the systems exploited every year. Security is an ongoing exercise.
Score: 1 Votes (Like | Disagree)
PJivan Avatar
83 months ago
The 3-letter agencies can not access our data. Ohh, wait...
0 days will always exist, the differences is that agencies keep them for themselves.
What you should expect from a company is to do their best to protect their customers. The bigger issues in today it world is that a chunk of companies found out that personal data is an extremely lucrative business, offering free service in exchange as trojan horses, now that is really concerning.
Score: 1 Votes (Like | Disagree)
Apple_Robert Avatar
83 months ago
Congrats to the White Hat hackers. A win for all involved.
Score: 1 Votes (Like | Disagree)

Popular Stories

iOS 19 Mock WWDC25 Feature

iOS 19 Expected to Run on These iPhones

Monday March 31, 2025 5:28 pm PDT by
iOS 19 will not be available on the iPhone XR, iPhone XS, or the iPhone XS Max, according a private account on social media site X that has accurately provided information on device compatibility in the past. The iPhone XR, iPhone XS, and iPhone XS Max all have an A12 Bionic chip, so it looks like iOS 19 will discontinue support for that chip. All other iPhones that run iOS 18 are expected...
watchOS 11 Thumb 2 1

Apple Releases watchOS 11.4 With Sleep Alarm Update

Tuesday April 1, 2025 10:34 am PDT by
Apple today released watchOS 11.4, the fourth major update to the operating system that runs on the Apple Watch. watchOS 11.4 is compatible with the Apple Watch Series 6 and later, all Apple Watch Ultra models, and the Apple Watch SE 2. watchOS 11.4 can be downloaded on a connected iPhone by opening up the Apple Watch app and going to General > Software Update. To install the new software,...
AirPods Pro Firmware Feature

Apple Releases New Firmware for AirPods Pro 2 and AirPods 4

Monday March 31, 2025 11:27 am PDT by
Apple today released new firmware updates for all AirPods 4 and AirPods Pro 2 models. The new firmware is version 7E93, up from the 7B21 firmware that was installed on the AirPods Pro 2 and the 7B20 firmware available on the AirPods 4 and AirPods 4 with ANC. It is not immediately clear what new features or changes are included in the new firmware, but we'll update this article should we find ...
maxresdefault

Apple Releases iOS 18.4 With Priority Notifications, Ambient Music, New Emoji and More

Monday March 31, 2025 10:03 am PDT by
Apple today released iOS 18.4 and iPadOS 18.4, the fourth major updates to the iOS 18 and iPadOS 18 operating system updates that came out last year. iOS 18.4 and iPadOS 18.4 come two months after Apple released iOS 18.3 and iPadOS 18.3. Subscribe to the MacRumors YouTube channel for more videos. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to...
iPhone 17 Pro 34ths Perspective

iPhone 17 Pro Launching Later This Year With These 10 New Features

Sunday March 23, 2025 10:00 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models as of March 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
Apple Card iPhone 16 Pro Feature

Visa and American Express Vying to Win Apple Card Deal in 'Fierce' Fight

Tuesday April 1, 2025 1:50 pm PDT by
Visa wants to pay Apple approximately $100 million to be the new payment network for the Apple Card, reports The Wall Street Journal. As of right now, the Apple Card is on the Mastercard payment network, but that is set to change because Apple is ending its partnership with Goldman Sachs. Both American Express and Visa are vying to replace Mastercard as Apple's card services provider, while...
iOS 18

Apple Seeds First Beta of iOS 18.5 to Developers

Wednesday April 2, 2025 10:11 am PDT by
Apple today seeded the first betas of upcoming iOS 18.5 and iPadOS 18.5 updates to developers for testing purposes, with the software coming just two days after Apple released iOS 18.4 and iPadOS 18.4. iOS 18.5 and iPadOS 18.5 can be downloaded from the Settings app on a compatible device by going to General > Software Update. We don't yet know what Apple is introducing in the iOS 18.5...