zerodium Stories September 30, 2016

Black hat security company Zerodium – which seeks to find vulnerabilities in iOS and Android to sell to corporate and government clients – has increased its maximum bounty for zero-day iOS 10 exploits to $1.5M. It previously offered $1M for iOS 9 vulnerabilities.

A zero-day vulnerability is one not yet known to the developer, so companies have zero days to prepare for exploits. The company’s founder told Ars Technica that the increased reward reflected the improved security in the latest version of iOS. He also explained why the company pays far more for iOS vulnerabilities than Android ones …


zerodium Stories November 2, 2015

Browser-based jailbreak for iOS 9.1 and 9.2 beta exists, but don’t expect it to see the light of day

When Apple released iOS 9.1 last month, it closed an exploit that was used in the development of the most recent jailbreak software. As with every new iOS release, users were forced to choose whether they wanted to upgrade to the latest version of the operating system or stay on a slightly outdated version in order to preserve their jailbreak.

While that hasn’t changed today, a new bit of information from Zerodium has revealed that it is possible to jailbreak iOS 9.1—and the new iOS 9.2 beta—without even needing to plug it into a computer.

Browser-based jailbreaks have been a thing of the past for several years now, but Zerodium says it has awarded a $1 million bounty to one team of developers who managed to put together a new hack for modern iOS versions. Unfortunately, it’s not expected that users will ever benefit from this specific discovery. Zerodium is in the business of buying exploits, not releasing jailbreaks, and after spending $1 million on this one, it’s not likely they’d release it to the public.

So while the developers who discovered this particular trick probably won’t be pushing out a 9.1 jailbreak anytime soon, users can at least rest assured that it is possible to create a JailbreakMe.com-style jailbreak for today’s software. Whether anyone will put this type of exploit to use is yet to be seen.

 
