In September we published a post stating that Zerodium was offering a bounty of $1 Million for an iOS 9 remote hacking exploit. Now, a month and a half later, unpleasant news has arrived for iOS users: an iOS hack!
According to Chaouki Bekrar, founder of Zerodium, someone has claimed the whopping bounty this week. As a reminder, the bounty challenge required hackers to find a way to remotely hack into and jailbreak Apple’s latest iOS 9.1 and 9.2b, which would allow attackers to install any app with full privileges.
The important part is that the vulnerability had to exist in Chrome, Safari, SMS or MMS, which is what would allow remote hacking. This means that a hacker would need to discover not a single vulnerability but a whole series of them in order to remotely install apps.
“Making the jailbreak remotely triggerable via Safari or Chrome requires at least two to three additional exploits compared to a local jailbreak,” Bekrar noted.
Many tech companies offer bounties for vulnerabilities, but Zerodium differs in three ways: its bounty is much higher, it doesn’t release detailed information about exploits and vulnerabilities, and, most importantly, the new exploits are sold to governments and intelligence agencies similar to the NSA.
Bekrar did not reveal any information about the winning team, the exploits, the selling price or a future customer who would acquire the exploit. But if his company was ready to pay $1-3 Million for this exploit, presumably the new customer will be ready to pay much more.
“This challenge is one of the best advertisements for Apple as it has confirmed once again that iOS security is real and not just about marketing,” Bekrar said. “No software other than iOS really deserves such a high bug bounty.”
Hopefully, Apple will be able to discover the chain of vulnerabilities and the bugs will be fixed soon. We will keep you updated regarding this issue.