A new security firm, Zerodium, which specializes in purchasing exploits from security researchers, has published details of its new bug bounty program for iOS 9. It offers a million dollars for a working exploit for iOS 9. In practice, the exploit must chain several vulnerabilities to obtain full root access, bypassing all defense mechanisms through remote code execution on the system, for example via a web browser.

Alternatively, the exploit may be an untethered jailbreak, which also grants maximum privileges in iOS 9. The exploit itself and the vulnerabilities it uses must be 0day and work on a fully updated version of the mobile OS.
The exploit should support remote compromise of iOS 9 via the Mobile Safari web browser or Google Chrome in their standard configuration (drive-by download). Another option is delivery via SMS or MMS messages, or any other type of communication, including Bluetooth and NFC. Exploitation must be completely invisible to the user and require no interaction to trigger it, other than the user visiting the website on which the exploit is hosted.
ZERODIUM will be able to make it up for you to make it possible for you to use it.
The list of devices supported by the exploit is as follows:
- iPhone 6s / iPhone 6s Plus / iPhone 6 / iPhone 6 Plus
- iPhone 5 / iPhone 5c / iPhone 5s
- iPad Air 2 / iPad Air / iPad (4th generation) / iPad (3rd generation) / iPad mini 4 / iPad mini 2
The exploit should bypass iOS 9 protection mechanisms, including ASLR, sandboxing, rootless, code signing, and the secure boot chain (secure low-level boot). The rootless mechanism was added in iOS 9 to make a possible jailbreak harder to implement. It denies access to iOS system files even to users with high privileges on the system.
Zerodium is not one of those firms that disclose the vulnerabilities they find to vendors so that they can be fixed. On the contrary, such companies specialize in purchasing exploits for purely private purposes, for example, for subsequent resale to their customers. The company also runs bug bounties for other software that attackers often use to remotely deliver malware to a system, namely web browsers and the Flash Player plugin. The already notorious cyber group Hacking Team, which bought exploits from security researchers for a fee, operated in the same way.