Tencent Keen Security Lab first demonstrated a successful WiFi exploit on the Apple iPhone 7. They used a total of four bugs to gain code execution and escalate privileges to allow their rogue application to persist through a reboot. They earned $60,000 for the WiFi exploit and added $50,000 for the persistence bonus – a total of $110,000 and 11 Master of Pwn points. All it took was connecting to a WiFi network to get the KeenLab app to appear on an iPhone.
Tencent Keen Security Lab also targeted the Safari Browser on the Apple iPhone 7. It took them just a few seconds to successfully demonstrate their exploit, which needed only two bugs – one in the browser and one in a system service to allow their rogue app to persist through a reboot. As the second finisher in the Browser category, they earned half of the cash award at $45,000, but still earned the full 13 Master of Pwn points.
Richard Zhu (fluorescence) also targeted the Safari Browser on the Apple iPhone 7. He used a bug in the browser and an out-of-bounds bug in the broker to escape the sandbox and execute code. The short demo earned him $25,000 and 10 Master of Pwn points.