"Hey Siri" support and possibly wireless charging case alongside AirPower charging mat.
Browser-Based iOS 9.1/9.2 Jailbreak Wins $1M Bounty, Will Be Sold for Corporate and Government Use
Earlier this month, exploit acquisition platform Zerodium debuted an iOS 9 bug bounty that would pay out up to three million dollars to hackers who managed to develop a browser-based untethered jailbreak for iOS 9, which it could then sell to clients interested in shelling out a lot of money to gain illicit access to iOS devices.
The contest expired at the end of October, and Zerodium today announced one hacking team had successfully created a browser-based jailbreak for iOS 9.1 and iOS 9.2, the latest versions of iOS 9, earning $1 million.
Zerodium foundar Chaouki Bekrar told Wired that the exploit developed by the hackers will be given to its customers, which include major technology, finance, and defense corporations, along with government agencies. The contest rules required the exploit to be achievable remotely without requiring user interaction beyond reading a text message or visiting a website via Chrome or Safari on an iOS device.
Bekrar confirmed that Zerodium plans to reveal the technical details of the technique to its customers, whom the company has described as "major corporations in defense, technology, and finance" seeking zero-day attack protection as well as "government organizations in need of specific and tailored cybersecurity capabilities."Because it's selling the jailbreak ("likely" to U.S. customers only), Zerodium does not plan to report the vulnerabilities in the operating system to Apple, though Bekrar says the company may share the details at a later date. The jailbreak also won't be provided to the general public, but Bekrar says Zerodium announced the results of the contest to remind people that while iOS security is "very hardened," it's not unbreakable.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
[ 212 comments ]
Top Rated Comments
(View all)
41 months ago
This is very very bad. This is going to be abused by either our government or another malicious party. For example, all one would need to do is inject the exploit in an unencrypted WiFi to gain complete control over a phone since this is a browser based hack.
41 months ago
Folks, this is just a jailbreak, it's neither illegal, nor can it be applied to a phone whose owner doesn't want it, just like all the other jailbreaks over the years.
The contest rules required the exploit to be achievable remotely without requiring user interaction beyond reading a text message or visiting a website via Chrome or Safari on an iOS device.
What do you think a jailbreak is? It's just a fancy name for an exploit that you want to use. If applied against your will or without your knowledge it is simply malware.
41 months ago
Hopefully, Apple who is sneaky is actually one of the customers and will plug the hole quickly. Yes wishful thinking, we might get a plug if the hole goes public and then probably in iOS 10. (SMH)
41 months ago
Buy Apple they said. It's secure they said.
The fact that they're offering $1M for someone to develop the breach should make you feel very good about the overall security of the system... if it was easy nobody would pay $1M for it.
41 months ago
uninstalling Chrome browser on my iPhone today.
the winning team for the hack probably gains entry through the Chrome browser, not Safari on iOS.
As Chrome is forced to use webkit as a renderer, I don't think it makes a diference what browser you're using.
41 months ago
There must be a federal and international law to mandate these information to be given up to the software company ASAP to get it fixed and to ban anyone doing this from doing business again. Zerodium should be ashamed of themselves for intentionally withholding the exploit from Apple just to make a few bucks on people's security.
Please do yourself a favor and learn what a jailbreak is, it is a fancy name for gaining access to the root status on the device or more accurate, a massive security exploit. Also, yes, it can be applied to the phone without the owner's permission, you have no idea what you're talking about.
It is the responsibility of Apple to fix this ASAP to ensure no one can use this against the device users.
Folks, this is just a jailbreak, it's neither illegal, nor can it be applied to a phone whose owner doesn't want it, just like all the other jailbreaks over the years.
Please do yourself a favor and learn what a jailbreak is, it is a fancy name for gaining access to the root status on the device or more accurate, a massive security exploit. Also, yes, it can be applied to the phone without the owner's permission, you have no idea what you're talking about.
It is the responsibility of Apple to fix this ASAP to ensure no one can use this against the device users.
Buy Apple they said. It's secure they said.
Yea, it's a lie but it is not limited to Apple. There is nothing in this universe that can be secure. Everything is breakable.
41 months ago
Folks, this is just a jailbreak, it's neither illegal, nor can it be applied to a phone whose owner doesn't want it, just like all the other jailbreaks over the years.
[ Read All Comments ]
Giphy today announced an update for its iOS app, bringing its GIF-sharing keyboard extension to any app that supports multimedia, including Mail, WhatsApp, Snapchat, Instagram, and more. The update...
Satechi today announced that its new USB-C hub for the 2018 iPad Pro is now available for purchase for $59.99 on the accessory maker's website and Amazon.
Designed for the new iPad...
In October, a report by Bloomberg claimed that spies working for the Chinese government had inserted microchips on Supermicro server motherboards to spy on customers, which Bloomberg reported as...
Two of Apple's largest suppliers have reported healthy jumps in monthly revenue, suggesting fears of weak iPhone demand may be overblown (via Bloomberg).
Asian firms TSMC and Foxconn (Hon...
Google today announced that it is expediting the closure of its Google+ social platform, which was previously set to end in August 2019 and will now be shut down in April 2019.
The company...
Apple today seeded the first beta of an upcoming macOS Mojave 10.14.3 update to developers, five days after releasing macOS Mojave 10.14.2, which addressed an issue with external displays and...
Apple today seeded the first beta of an upcoming watchOS 5.1.3 update to developers, four days after releasing the watchOS 5.1.2 update with new complications for the Infograph face and ECG...
Apple this morning seeded the first beta of an upcoming tvOS 12.1.2 update to developers for testing purposes, five days after releasing the tvOS 12.1.1 update.
Designed for the fourth and...
