U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Find a zero-day exploit to hack IOS 9 and win a $1m prize

Zerodium is an Exploit trader and it’s offering a million dollar prize to any person that finds zero-day flaws in iOS 9, and you can imagine the motivation. Zerodium is an Exploit trader and it’s offering a million dollar prize to any person that finds unknown, unpatched bug in iOS 9 with the main purpose to […]

Find a zero-day exploit to hack IOS 9 and win a $1m prize

Zerodium is an Exploit trader and it’s offering a million dollar prize to any person that finds zero-day flaws in iOS 9, and you can imagine the motivation.

Zerodium is an Exploit trader and it’s offering a million dollar prize to any person that finds unknown, unpatched bug in iOS 9 with the main purpose to jailbreak iThings.

Zerodium a startup of the popular French Security firm VUPEN, which is considered one of the most active firm in the trading of zero-day exploits.

The individual (or team) have to present a working exploit being able to do remote code execution on an iOS device via safari/chrome or by SMS/MMS, this is the condition to cash out the price.

The company added that the zero-day exploit/jailbreak “must lead to and allow a remote, privileged, and persistent installation of an arbitrary app (e.g. Cydia) on a fully updated iOS 9 device.”

The working zero-day exploit can combine other vulnerabilities to perform a jailbreak without the need of a reboot or a connection to an external device.

“The whole exploitation/jailbreak process should be achievable remotely, reliably, silently, and without requiring any user interaction except visiting a web page or reading a SMS/MMS (attack vectors such as physical access, bluetooth, NFC, or baseband are not eligible for the Million Dollar iOS 9 Bug Bounty. ZERODIUM may, at its sole discretion, make a distinct offer to acquire such attack vectors.).”

The exploit/jailbreak must support and work reliably on the following devices (32-bit and 64-bit when applicable):
     – iPhone 6s / iPhone 6s Plus / iPhone 6 / iPhone 6 Plus
     – iPhone 5 / iPhone 5c / iPhone 5s
     – iPad Air 2 / iPad Air / iPad (4rd generation) / iPad (3th generation) / iPad mini 4 / iPad mini 2

Since many people don’t mind do pay for jailbreaking their iDevices, there’s cash to be made with the jailbreak by packaging up the bug into a jailbreak tool, and after all you need is visit a specific page in your browser to initiate the installation.

ios 9 zero-day exploit

Besides, a remote code execution is the technique to inject and execute malicious code in the people’s devices and take over them.

Normally the zero-day vulnerabilities discovered in iphone/iPAD are used to enable the device to be jailbreaked and only after Apple patches the flaws in their security updates.

Zerodium explained that they are willing to pay up to three bounties ($3m) for the program until October 31. The successful exploits also need to be able to run on iOS for iPhone 5 and later (including the iPhone 6S and 6S Plus), iPad Mini 2 and later, and iPad Air

“The whole exploitation/jailbreak process should be achievable remotely, reliably, silently, and without requiring any user interaction except visiting a web page or reading an SMS/MMS. Attack vectors such as physical access, bluetooth, NFC, or baseband are not eligible for the Million Dollar iOS 9 Bug Bounty,” states a blog post published by Zerodium.

The availability of such kind of exploit is very dangerous for the Apple communities, zero-day exploit can be sold by the Zerodium to its customers for users easy to imagine.

About the Author Elsio Pinto

Elsio Pinto (@high54security) is at the moment the Lead McAfee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog McAfee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog McAfee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/

Edited by Pierluigi Paganini

(Security Affairs – iOS 9, zero-day)