Find a zero-day exploit to hack IOS 9 and win a $1m prize

Pierluigi Paganini September 22, 2015

Zerodium is an Exploit trader and it’s offering a million dollar prize to any person that finds zero-day flaws in iOS 9, and you can imagine the motivation.

Zerodium is an Exploit trader and it’s offering a million dollar prize to any person that finds unknown, unpatched bug in iOS 9 with the main purpose to jailbreak iThings.

Zerodium a startup of the popular French Security firm VUPEN, which is considered one of the most active firm in the trading of zero-day exploits.

The individual (or team) have to present a working exploit being able to do remote code execution on an iOS device via safari/chrome or by SMS/MMS, this is the condition to cash out the price.

The company added that the zero-day exploit/jailbreak “must lead to and allow a remote, privileged, and persistent installation of an arbitrary app (e.g. Cydia) on a fully updated iOS 9 device.”

The working zero-day exploit can combine other vulnerabilities to perform a jailbreak without the need of a reboot or a connection to an external device.

“The whole exploitation/jailbreak process should be achievable remotely, reliably, silently, and without requiring any user interaction except visiting a web page or reading a SMS/MMS (attack vectors such as physical access, bluetooth, NFC, or baseband are not eligible for the Million Dollar iOS 9 Bug Bounty. ZERODIUM may, at its sole discretion, make a distinct offer to acquire such attack vectors.).”

The exploit/jailbreak must support and work reliably on the following devices (32-bit and 64-bit when applicable):
     – iPhone 6s / iPhone 6s Plus / iPhone 6 / iPhone 6 Plus
     – iPhone 5 / iPhone 5c / iPhone 5s
     – iPad Air 2 / iPad Air / iPad (4rd generation) / iPad (3th generation) / iPad mini 4 / iPad mini 2

Since many people don’t mind do pay for jailbreaking their iDevices, there’s cash to be made with the jailbreak by packaging up the bug into a jailbreak tool, and after all you need is visit a specific page in your browser to initiate the installation.

ios 9 zero-day exploit

Besides, a remote code execution is the technique to inject and execute malicious code in the people’s devices and take over them.

Normally the zero-day vulnerabilities discovered in iphone/iPAD are used to enable the device to be jailbreaked and only after Apple patches the flaws in their security updates.

Zerodium explained that they are willing to pay up to three bounties ($3m) for the program until October 31. The successful exploits also need to be able to run on iOS for iPhone 5 and later (including the iPhone 6S and 6S Plus), iPad Mini 2 and later, and iPad Air

“The whole exploitation/jailbreak process should be achievable remotely, reliably, silently, and without requiring any user interaction except visiting a web page or reading an SMS/MMS. Attack vectors such as physical access, bluetooth, NFC, or baseband are not eligible for the Million Dollar iOS 9 Bug Bounty,” states a blog post published by Zerodium.

The availability of such kind of exploit is very dangerous for the Apple communities, zero-day exploit can be sold by the Zerodium to its customers for users easy to imagine.

About the Author Elsio Pinto

Elsio Pinto (@high54security) is at the moment the Lead McAfee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog McAfee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog McAfee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/

Edited by Pierluigi Paganini

(Security Affairs – iOS 9, zero-day)



you might also like

leave a comment