Source: securityaffairs.co --- Tuesday, November 03, 2015
A team of hackers has received a million-dollar payout for disclosing a iOS zero-day vulnerability that could allow an attacker to remotely hack any Phone. Bad news for the Apple users, a team of hackers have received a million-dollar payout for disclosing an iOS zero-day vulnerability that could allow an attacker to remotely hack any Phone running the latest version of iOS, i.e. iOS 9. The unknown group of hackers has sold a zero-day vulnerability to Zerodium, the Exploit trade company controlled by the security firm Vupen which is specialized in Buys and Sells zero-day exploits . In September Zerodium offered a million dollar prize to any person that finds unknown, unpatched bug in iOS 9 with the main purpose to jailbreak iThings. The company announced the payment of a working exploit being able to do remote code execution on an iOS device via safari/chrome or by SMS/MMS, it also added that the zero-day exploit/jailbreak “must lead to and allow a remote, privileged, and persistent installation of an arbitrary app (e.g. Cydia) on a fully updated iOS 9 device.” The working zero-day exploit can combine other vulnerabilities to perform a jailbreak without the need of a reboot or a connection to an external device. “The whole exploitation/jailbreak process should be achievable remotely, reliably, silently, and without requiring any user interaction except visiting a web page or reading a SMS/MMS (attack vectors such as physical acce ...
from Apple http://ift.tt/1Wt75Zw
No comments:
Post a Comment