Zerodium is an Exploit trader and it’s offering a million dollar prize to any person that finds unknown, unpatched bug in iOS 9 with the main purpose to jailbreak iThings.
Zerodium a startup of the popular French Security firm VUPEN, which is considered one of the most active firm in the trading of zero-day exploits.
The individual (or team) have to present a working exploit being able to do remote code execution on an iOS device via safari/chrome or by SMS/MMS, this is the condition to cash out the price.
The company added that the zero-day exploit/jailbreak “must lead to and allow a remote, privileged, and persistent installation of an arbitrary app (e.g. Cydia) on a fully updated iOS 9 device.”
The working zero-day exploit can combine other vulnerabilities to perform a jailbreak without the need of a reboot or a connection to an external device.
“The whole exploitation/jailbreak process should be achievable remotely, reliably, silently, and without requiring any user interaction except visiting a web page or reading a SMS/MMS (attack vectors such as physical access, bluetooth, NFC, or baseband are not eligible for the Million Dollar iOS 9 Bug Bounty. ZERODIUM may, at its sole discretion, make a distinct offer to acquire such attack vectors.).”
The exploit/jailbreak must support and work reliably on the following devices (32-bit and 64-bit when applicable):
– iPhone 6s / iPhone 6s Plus / iPhone 6 / iPhone 6 Plus
– iPhone 5 / iPhone 5c / iPhone 5s
– iPad Air 2 / iPad Air / iPad (4rd generation) / iPad (3th generation) / iPad mini 4 / iPad mini 2
Since many people don’t mind do pay for jailbreaking their iDevices, there’s cash to be made with the jailbreak by packaging up the bug into a jailbreak tool, and after all you need is visit a specific page in your browser to initiate the installation.
Besides, a remote code execution is the technique to inject and execute malicious code in the people’s devices and take over them.
Normally the zero-day vulnerabilities discovered in iphone/iPAD are used to enable the device to be jailbreaked and only after Apple patches the flaws in their security updates.
Zerodium explained that they are willing to pay up to three bounties ($3m) for the program until October 31. The successful exploits also need to be able to run on iOS for iPhone 5 and later (including the iPhone 6S and 6S Plus), iPad Mini 2 and later, and iPad Air
“The whole exploitation/jailbreak process should be achievable remotely, reliably, silently, and without requiring any user interaction except visiting a web page or reading an SMS/MMS. Attack vectors such as physical access, bluetooth, NFC, or baseband are not eligible for the Million Dollar iOS 9 Bug Bounty,” states a blog post published by Zerodium.
The availability of such kind of exploit is very dangerous for the Apple communities, zero-day exploit can be sold by the Zerodium to its customers for users easy to imagine.
About the Author Elsio Pinto
Edited by Pierluigi Paganini
(Security Affairs – iOS 9, zero-day)