Security Researchers Use Wi-Fi and Safari Exploits to Breach iPhone 7 at Annual Mobile Pwn2Own Contest - MacRumorsOpen MenuShow RoundupsShow Forums menuVisit ForumsOpen Sidebar
Skip to Content

Security Researchers Use Wi-Fi and Safari Exploits to Breach iPhone 7 at Annual Mobile Pwn2Own Contest

by

Trend Micro's annual Mobile Pwn2Own contest took place in Tokyo, Japan today at the PacSec security conference, and security researchers spent the day attempting to hack into the iPhone 7, the Samsung Galaxy S8, the Google Pixel, and the Huawei Mate 9 Pro in an effort to win prizes totaling more than $500,000.


Apple's iPhone 7, running iOS 11.1, the latest version of the iOS 11 operating system, was successfully breached twice by Tencent Keen Security Lab. The first hack targeted a Wi-Fi bug and won the team $110,000 and 11 Master of Pwn points, while the second hack targeted the Safari Browser and earned Tencent Keen Security Lab $45,000 and 12 Master of Pwn points.

They used a total of four bugs to gain code execution and escalate privileges to allow their rogue application to persist through a reboot. They earned $60,000 for the WiFi exploit and added $50,000 for the persistence bonus - a total of $110,000 and 11 Master of Pwn points.

Tencent Keen Security Lab was on the clock once more as they targeted the Safari Browser on the Apple iPhone 7. It took them just a few seconds to successfully demonstrate their exploit, which needed only two bugs - one in the browser and one in a system service to allow their rogue app to persist through a reboot. As the second finisher in the Browser category, they earned half of the cash award at $45,000, but still earned the full 13 Master of Pwn points.

Security researcher Richard Zhu was also able to leverage two bugs to exploit the Safari browser and escape the sandbox to successfully run code on the iPhone 7, earning him $25,000 and 10 Master of Pwn points.

Along with the iPhone 7, researchers were able to find exploits for the Samsung Galaxy S8 and the Huawei Mate 9 Pro, earning a total of $350,000.

Trend Micro hosts Pwn2Own in an effort to promote its Zero Day Initiative, designed to reward security researchers for disclosing major vulnerabilities to tech companies like Apple and Google.

Pwn2Own continues on through tomorrow, so additional exploits may be uncovered. Apple representatives have been known to attend Pwn2Own competitions in past years, and all vulnerabilities discovered are disclosed to Apple. The company then has 90 days to produce patches for all iOS-related bugs before they're publicly disclosed.

Tag: Pwn2Own

Popular Stories

imac video apple feature

Apple Released Yet Another New Product Today

Friday March 20, 2026 2:39 pm PDT by
Apple has unveiled a whopping nine new products so far this March, including an iPhone 17e, iPad Air models with the M4 chip, MacBook Air models with the M5 chip, MacBook Pro models with M5 Pro and M5 Max chips, the all-new MacBook Neo, an updated Studio Display, a higher-end Studio Display XDR, AirPods Max 2, and now the Nike Powerbeats Pro 2. iPhone 17e features the same overall design as...
Read Full Article
iPhone 18 Pro Deep Red Feature

iPhone 18 Pro Launching Later This Year With These 12 New Features

Wednesday March 18, 2026 7:39 am PDT by
While the iPhone 18 Pro and iPhone 18 Pro Max are not expected to launch for another six months or so, there are already plenty of rumors about the devices. It was initially reported that the iPhone 18 Pro models would have fully under-screen Face ID, with only a front camera visible in the top-left corner of the screen. However, the latest rumors indicate that only one Face ID component...
Read Full Article80 comments
ios 26 4 pastel

iOS 26.4: Top 10 New Features Coming to Your iPhone

Friday March 20, 2026 2:44 pm PDT by
iOS 26.4 isn't the major update with new Siri features that we hoped for, but there are some useful quality of life improvements, and a little bit of fun with an AI playlist generator and new emoji characters. Playlist Playground - Apple Music has a Playlist Playground option that lets you generate playlists from text-based descriptions. You can include moods, feelings, activities, or...
Read Full Article51 comments

Top Rated Comments

btrach144 Avatar
btrach144
110 months ago
Would these security researches tell Tim cook that getting rid of touch ID was retarded?
This has nothing to do with FaceID or TouchID. Please remain relevant.
Score: 42 Votes (Like | Disagree)
S
SoApple
110 months ago
Would these security researches tell Tim cook that getting rid of touch ID was retarded?
What an irrelavant and pointless comment.

On a more relevant note. This exploit has been fixed in the new update.
Score: 26 Votes (Like | Disagree)
dannyyankou Avatar
dannyyankou
110 months ago
These contests are great. They give good incentives to find security exploits, and they end up getting patched by Apple.
Score: 19 Votes (Like | Disagree)
Slix Avatar
Slix
110 months ago
The real question is: Will their exploits they found affect my iPod touch running iOS 6.1.6?

:P
Score: 14 Votes (Like | Disagree)
WatchFromAfar Avatar
WatchFromAfar
110 months ago
On a more relevant note. This exploit has been fixed in the new update.
Has it? the post says "Apple's iPhone 7, running iOS 11.1, the latest version of the iOS 11 operating system" which came out yesterday.
Score: 10 Votes (Like | Disagree)
A
Aloft085
110 months ago
FBI joke in 3-2-1....
No need, the FBI is the joke.
Score: 10 Votes (Like | Disagree)
Read All Comments
Related Apple News: Business | Politics | Mac | World News | News