Well, here's some terrible news for all Apple iOS users…
Someone just found an iOS zero-day vulnerability that could allow an attacker to remotely hack your iPhone running the latest version of iOS, i.e. iOS 9.
Yes, an unknown group of hackers has sold a zero-day vulnerability to Zerodium, a startup by the French-based company Vupen that buys and sells zero-day exploits.
And guess what, for how much?
$1,000,000. Yes, $1 Million.
Last month, Zerodium announced a bug bounty challenge for finding a hack that must allow an attacker to remotely compromise a non-jailbroken Apple device through:
- A web page on Safari or Chrome browser,
- In-app browsing action, or
- Text message or MMS.
Zerodium's founder Chaouki Bekrar confirmed on Twitter that an unnamed group of hackers has won this $1 Million bounty for submitting a remote browser-based iOS 9.1/9.2b jailbreak (untethered) exploit.
No More Fun. It's a Serious Threat to iOS Users
For those who are not aware, this remote jailbreak is not really cool.
Why? Because…
The only difference between a malicious cyber attack and a jailbreak is the payload: the code that executes on the target system after exploitation.
A traditional jailbreak process is usually used to deploy an alternative App Store, but in the hands of hackers or law enforcement agencies, the same exploit can allow them to install any app they want with full privileges, i.e. spyware, malware or surveillance software.
Moreover, we know that Zerodium's parent company Vupen develops hacking techniques based on those bugs and typically sells them to multiple government customers.
So, the chances are high that the firm will resell the newly discovered and undisclosed remote iOS zero-day jailbreak exploit to its clients, which are said to include spy agencies, governments, and law enforcement agencies.