Zerodium announced that it has completed the "bug hunt" on iOS 9. The winning team would receive a prize of a million dollars for discovering a number of vulnerabilities that allow code to be run remotely via the browser.
An anonymous hacker group was paid a million dollars by Zerodium for discovering a number of security holes in iOS 9.x. The vulnerabilities, in the operating system and in the Google Chrome browser, would allow an untethered jailbreak, i.e. one that persists across every reboot of the device and grants elevated system permissions. The real news, delivered by Zerodium itself, is that serious system vulnerabilities in iOS are currently in circulation, the value of which can exceed one million dollars.
On the smartphone front, the exploit can be run on all iPhone 6 and iPhone 5 models, while on tablets it applies to iPad Air 2, iPad Air, iPad 4, iPad 3, iPad mini 4 and iPad mini 2. "Our size required much more effort than a classic jailbreak: since it can be performed remotely via browser, it was necessary to find two or three more bugs than in a public jailbreak," said Zerodium, which specified that the flaws were both discovered on the iOS version of Chrome for Cupertino's operating system.
The iOS bounty program was announced last month by the same company: "Zerodium will pay a million dollars to any individual or team that creates and publishes to Zerodium an exclusive, browser-based, untethered jailbreak for Apple devices running the iOS 9 operating system," wrote the company in its announcement. "The program is open until 31 October, and can be terminated in advance if the total premium for researchers reaches three million US dollars." A few hours ago, it was announced that there is a winner, although the winner has remained anonymous.
We believe it is highly unlikely that Zerodium will publicly release the system vulnerability: "We will first report the vulnerability to our customers, and then we could bring it back to Apple," said company founder Chaouki Bekrar. It is also likely that Apple is willing to pay a figure well in excess of a million just to get it, especially considering the risks of having a mobile operating system potentially open to attacks that can be executed remotely via the web browser.
The untethered jailbreak is only a lesser evil compared with a vulnerability of this kind that is exploitable via web browser. The founder of Zerodium was previously in charge of VUPEN, a company that dealt in the discovery and brokerage of security vulnerabilities. In the past, VUPEN had relationships with US corporations and governments, selling its exploits of various kinds by subscription.
Many researchers sell bugs that have not been publicly released to third-party companies, which are willing to pay good money to get them. But a million dollars is a figure rarely reached in these cases: "No software in the iOS really deserves a size so high," said the founder of Zerodium. In the history of the operating system, a jailbreak has been practicable through the browser in only a single case. Usually, the vulnerabilities that allow a jailbreak are far more innocuous and of little interest to potential attackers.
Unfortunately, in this case the situation is different, and Apple is called on to respond to a problem that is unpleasant both for the company and, above all, for users of the mobile platform.