
Browser-based jailbreak for iOS 9.1 and 9.2 beta exists, but don’t expect it to see the light of day


When Apple released iOS 9.1 last month, it closed an exploit that was used in the development of the most recent jailbreak software. As with every new iOS release, users were forced to choose whether they wanted to upgrade to the latest version of the operating system or stay on a slightly outdated version in order to preserve their jailbreak.

While that hasn’t changed today, a new bit of information from Zerodium has revealed that it is possible to jailbreak iOS 9.1—and the new iOS 9.2 beta—without even needing to plug it into a computer.

Browser-based jailbreaks have been a thing of the past for several years now, but Zerodium says it has awarded a $1 million bounty to one team of developers who managed to put together a new hack for modern iOS versions. Unfortunately, it’s not expected that users will ever benefit from this specific discovery. Zerodium is in the business of buying exploits, not releasing jailbreaks, and after spending $1 million on this one, it’s not likely they’d release it to the public.

So while the developers who discovered this particular trick probably won’t be pushing out a 9.1 jailbreak anytime soon, users can at least rest assured that it is possible to create a jailbreak for today’s software. Whether anyone will put this type of exploit to use is yet to be seen.




  1. James Dombro - 7 years ago

    Wow… Browser based jailbreak. That takes me wayyyy back

  2. chrisl84 - 7 years ago

    FBI/NSA…and British Governments are drooling

  3. rnc - 7 years ago

    Apple has to buy this guy. I don’t want to have an OS with this kind of 0day being sold by 1 million.

  4. Robert Nixon - 7 years ago

    If you “rest assured” in the fact that your phone’s entire security model can be compromised from visiting a rogue website, then you might be a complete moron.

    • Mike Beasley - 7 years ago

      If you can’t spot the fact that your phone is installing software and changing things without your permission, you might also be a complete moron.

      • Robert Nixon - 7 years ago

        Are you trying to be ironic? Or do you genuinely not see the difference between software installing automatically from trusted sources (oh, and let’s not forget “changing ‘things’”) and a browser executing a payload that can compromise your entire system without your consent? One is par for the course for modern software distribution, the other is a gaping security hole.

      • Mike Beasley - 7 years ago

        My point is that if the iOS browser was executing a payload that can compromise your entire system without your consent, you would see it happening. It won’t just start running something in the background without your permission. There are reboots and other extremely noticeable steps involved in these types of exploits. A person would see it happening.

      • standardpull - 7 years ago


        You are sadly mistaken. Such a compromise could be installed completely automatically, remotely, silently, and in the background.

        There would be absolutely nothing for the user to see, unless the user can see a few thousand bytes of code get added to the running kernel.

  5. standardpull - 7 years ago

    But is it true? Or is it just a method to build press?

    A million is a lot of cash to give away. Let’s assume that if they sell this exploit, they’ll charge a smooth 10 million. After all, they need to comfortably cover their risks and costs.

  6. Adam Ibrahim - 7 years ago

    God, I remember there being one of these in the good old iOS 4 days… although this does show the danger of websites nowadays, imagine anyone getting root access to your device with a website… pretty cool to have for jailbreak, but scary possibilities.

  7. standardpull - 7 years ago

    A million is a lot of cash to give away. Let’s assume that if they sell this exploit, they’ll charge a smooth 5-10 million. After all, they need to comfortably cover their risks and costs.

    This is a lot of money even for a large firm. This will likely be sold to organized crime or a foreign government. I’d expect all to be revealed by a government accusing them of trafficking with organized crime.

    • obeq - 7 years ago

      That’s one way. One other way would be to sell the expertise, “look, we know all the latest zero days”. One million is a lot, but it’s not that much money in marketing terms. Or in terms of r&d.

  8. If someone figured it out for a million, someone else will figure out how to screw Zerodium. If no one does, it’s probably BS.

  9. imthemobileguru - 7 years ago

    They have an exploit that exists in the user land that has already been packaged and can be deployed via web? Did they actually disclose this to you or is this an extrapolation? I know there were 3 bounties. Were they all filled by the same analyst with 3 different exploits? Or is this just an expiration date issue? I would like to report on this but can’t until I find out if you have confirmed with Zerodium that all of their demands were met.

    If you are just going by the tweet... that’s cool too. But actually Zerodium claiming they have a comex-esque remote solution is a bold statement.

    I couldn’t propagate that without a demo. These guys are an exploit broker, not a process creator.

  10. Save it for 9.2.1 please…