Richard Zhu and Amat Cama, two white hat hackers, recently teamed up at the Mobile Pwn2Own contest in Tokyo and ended up earning a $60,000 prize after finding an iPhone exploit, according to a blog post on the Zero Day Initiative website.


The duo used a Safari weakness on an iPhone X running iOS 12.1 to retrieve a photo that had recently been deleted from the device. The hackers used a malicious Wi-Fi access point to exploit a just-in-time (JIT) compiler vulnerability.


The exploit the two hackers discovered can also be used to access additional files beyond deleted photos; the deleted photo just happened to be the first file the two came across and so it was used as a demonstration.

Next up, Amat and Richard returned to the Short Distance category. This time, they were targeting the iPhone X over Wi-Fi. They used a pair of bugs – a JIT vulnerability in the web browser followed by an Out-Of-Bounds write for the sandbox escape and escalation. The successful demonstration earned them $60,000 USD more and 10 additional Master of Pwn points. This ends their first day of competition with $140,000 USD and a commanding lead for the Master of Pwn with 31 points.

With the prize money and points awarded from the iPhone vulnerability along with other exploits shown off at the event, Zhu and Cama won the "Master of Pwn" title.

pwn2owntokyo
Apple has been informed of the vulnerability and will likely address it in an upcoming iOS update.

Top Rated Comments

tridley68 Avatar
tridley68
81 months ago
Hopefully Apple will snap them up so their talents can strengthen Apple's security
Score: 5 Votes (Like | Disagree)
Sasparilla Avatar
Sasparilla
81 months ago
This is an annual competition and while it seems bad on the surface, its actually good - all these exploits (which are out there and probably being used by others) will now get closed.

The more of this the better. The picture of the two heroes are awesome....so young, gotta be college or just out.

I'd love to see Apple put serious money out there for prizes to entice folks who might sell such things to bad actors or governments instead (there is such a market with big money involved).
Score: 5 Votes (Like | Disagree)
mmcneil Avatar
mmcneil
81 months ago
Love the white hats, congratulations to some serious and extremely young hackers. Great careers ahead for both!! Completely agree that Apple should participate in the bug bounty system to encourage the good guys!!!
Score: 2 Votes (Like | Disagree)
69Mustang Avatar
69Mustang
81 months ago
Hopefully Apple will snap them up so their talents can strengthen Apple's security
Why would they? pwn2own is an annual contest. there were vulnerabilities last year, there are vulnerabilities this year, and there will be vulnerabilities next year. Hiring the researchers who find them (vulns) is no guarantee they'll strengthen their security. They'd end up with a boatload of researchers and still have the systems exploited every year. Security is an ongoing exercise.
Score: 1 Votes (Like | Disagree)
PJivan Avatar
PJivan
81 months ago
The 3-letter agencies can not access our data. Ohh, wait...
0 days will always exist, the differences is that agencies keep them for themselves.
What you should expect from a company is to do their best to protect their customers. The bigger issues in today it world is that a chunk of companies found out that personal data is an extremely lucrative business, offering free service in exchange as trojan horses, now that is really concerning.
Score: 1 Votes (Like | Disagree)
Apple_Robert Avatar
Apple_Robert
81 months ago
Congrats to the White Hat hackers. A win for all involved.
Score: 1 Votes (Like | Disagree)
Read All Comments

Popular Stories

iPhone 17 Pro Dual Tone Horizontal 1

iPhone 17 Pro Launching This Year With These 8 New Features

Tuesday January 28, 2025 11:48 am PST by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. iPhone 17 Pro concept based on rumors Below, we recap key changes rumored for the iPhone 17 Pro models as of January 2025: More aluminum: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models ...
Read Full Article
m3 macbook pro blue

Apple Explains How to Keep Your Mac From Turning on When Opening Lid

Thursday January 30, 2025 4:14 pm PST by
Apple designed Macs with Apple silicon chips to automatically turn on and start up when the Mac's lid is opened or when the Mac is connected to power, but there is a workaround in macOS Sequoia if you don't like this behavior. In a new support document, Apple provided separate instructions on how to prevent an Apple silicon Mac from turning on when the lid is opened or when it's connected to ...
Read Full Article164 comments
50 New iPhone Features Apple Added Since iOS 18 1

50 iPhone Features Apple Added to iOS 18 Since September

Thursday January 30, 2025 2:41 am PST by
Since iOS 18 was released in September 2024, Apple has introduced an unprecedented number of new features and improvements across several point updates. With iOS 18.1, 18.2, and 18.3, users have seen a host of tweaks and changes designed to enhance everything from the Mail app to Camera Control on the iPhone 16. Below, we've listed 50 of the features and changes that have been rolled out...
Read Full Article46 comments
iPhone 17 Air Size Feature

iPhone 17 Air Design, Specs, and More: All the Rumors So Far

Wednesday January 29, 2025 4:00 am PST by
This year, Apple is expected to discontinue the iPhone "Plus" device in its iPhone 17 lineup to make way for an iPhone "Air," so-called because of its thin profile. Below is a compilation of every rumor and leak we have registered from reputable sources thus far about Apple's new entry in its flagship smartphone lineup. iPhone 17 "Air"? About the Name There has been some uncertainty...
Read Full Article60 comments
airpods 4 blue

Apple Finally Explains How to Install New Firmware on Your AirPods

Monday January 27, 2025 11:17 am PST by
Apple regularly releases new firmware for the AirPods, AirPods Pro, and AirPods Max, but the company has historically provided limited information on how to initiate an update. That changed today, and Apple updated its AirPods firmware support page with more specific instructions. Prior to today, here's what Apple said on the subject: Firmware updates are delivered automatically while your...
Read Full Article60 comments
Generic iOS 18

When Will Apple Release the iOS 18.4 Beta?

Wednesday January 29, 2025 3:11 pm PST by
On January 27, Apple released iOS 18.3, iPadOS 18.3, and macOS Sequoia 15.3, which means we're now ready for a new round of beta testing. The next betas are rumored to have important new Siri Apple Intelligence features, so when can we expect the software? There are typically few pauses between beta updates, and Apple often seeds a new beta just a day or two after new software comes out....
Read Full Article75 comments
iPhone 17 Air Size Feature

Apple CEO Tim Cook: There's a 'Lot of Innovation' Left for Future iPhone Development

Thursday January 30, 2025 2:43 pm PST by
During today's earnings call covering the first fiscal quarter of 2025, Apple CEO Tim Cook was asked about whether he felt there was room for form factor innovation in future iPhone models, with the question hinting perhaps spurred by rumors of the upcoming "iPhone 17 Air." Cook often declines to provide insight into future products during earnings calls, but he did give an encouraging...
Read Full Article112 comments
windows 11 iphone start menu

Windows 11 Now Lets You Access Your iPhone from the Start Menu

Thursday January 30, 2025 1:21 am PST by
Microsoft has announced an update to Windows 11 that allows iPhone users to access their devices directly from the Start menu, bringing feature parity with its existing Android phone integration. The new functionality lets you view your device's battery status, cellular connectivity, and recent activities without leaving the Windows environment. You can also access messages, calls, and file...
Read Full Article62 comments