• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

 | 

Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 

Sophos fixed two critical Sophos Firewall vulnerabilities

 | 

French Authorities confirm XSS.is admin arrested in Ukraine

 | 

Microsoft linked attacks on SharePoint flaws to China-nexus actors

 | 

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 

SharePoint under fire: new ToolShell attacks target enterprises

 | 

CrushFTP zero-day actively exploited at least since July 18

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Hacking
  • Mobile
  • Hackers win $1 million bounty for iOS 9 remote hack

Hackers win $1 million bounty for iOS 9 remote hack

Pierluigi Paganini November 03, 2015

A team of hackers has received a million-dollar payout for disclosing a iOS zero-day vulnerability that could allow an attacker to remotely hack any Phone.

Bad news for the Apple users, a team of hackers have received a million-dollar payout for disclosing an iOS zero-day vulnerability that could allow an attacker to remotely hack any Phone running the latest version of iOS, i.e. iOS 9.

The unknown group of hackers has sold a zero-day vulnerability to Zerodium, the  Exploit trade company controlled by the security firm Vupen which is specialized in Buys and Sells zero-day exploits.

In September Zerodium offered a million dollar prize to any person that finds unknown, unpatched bug in iOS 9 with the main purpose to jailbreak iThings.

The company announced the payment of a working exploit being able to do remote code execution on an iOS device via safari/chrome or by SMS/MMS, it also added that the zero-day exploit/jailbreak “must lead to and allow a remote, privileged, and persistent installation of an arbitrary app (e.g. Cydia) on a fully updated iOS 9 device.”

The working zero-day exploit can combine other vulnerabilities to perform a jailbreak without the need of a reboot or a connection to an external device.

“The whole exploitation/jailbreak process should be achievable remotely, reliably, silently, and without requiring any user interaction except visiting a web page or reading a SMS/MMS (attack vectors such as physical access, Bluetooth, NFC, or baseband are not eligible for the Million Dollar iOS 9 Bug Bounty. ZERODIUM may, at its sole discretion, make a distinct offer to acquire such attack vectors.).”

The exploit/jailbreak must support and work reliably on the following devices (32-bit and 64-bit when applicable):
     – iPhone 6s / iPhone 6s Plus / iPhone 6 / iPhone 6 Plus
     – iPhone 5 / iPhone 5c / iPhone 5s
     – iPad Air 2 / iPad Air / iPad (4rd generation) / iPad (3th generation) / iPad mini 4 / iPad mini 2

Now it seems that someone has found the way to remotely hack the new IpPhone.

As I have explained several times the untethered jailbreaks allows users to gain root access to the operating system of the Apple devices allowing to bypass all the security features designed by Apple.

Jailbreaking a device is possible to install and execute software that could not otherwise be installed or run on that device, or to remove pre-installed software that could not otherwise be uninstalled.

ios 9

In the attack scenario described by the group of hackers, they are able to exploit a zero-day in order to perform a remote browser-based jailbreak. Experts speculate that the new zero-day works on the new iPhone 6 and iPhone 5 models, iPad Air 2 and Air, iPad 4 and 3, and the iPad mini 4 and iPad mini 2.

The bug hunters have found three flaws in iOS 9.x and Google Chrome that lead them to remotely hack any iPhone running iOS 9.x.

“No software other than iOS really deserves such a high bug bounty,” founder Chaouki Bekrar told Vulture South. “Our bounty required much more work than a classic jailbreak as it had to be remote and browser-based, so this required two to three additional zero-days compared to a public jailbreak.” “The exploit chain includes a number of vulnerabilities affecting both Google Chrome browser and iOS, and bypassing almost all mitigations in place.”

Our iOS #0day bounty has expired & we have one winning team who made a remote browser-based iOS 9.1/9.2b #jailbreak (untethered). Congrats!

— Zerodium (@Zerodium) 2 Novembre 2015

According to Bekrar, the winners submitted the zero-day exploit a few hours before the contest closed, there was also another team of hacker that reported a partial jailbreak and could gain a partial reward.

Actually the experts at Zerodium are testing the zero-day exploit, obviously only the Zerodium clients will have the access to the remote browser-based untethered jailbreaking, the company confirmed that the zero-day will not be disclosed in public.

“We will first report the vulnerabilities to our customers, and we may later report them to Apple,” Bekrar added.

Who are the clients of companies like Zerodium and Vupen? Which is the final use of such kind of zero-day exploits?

The exploits could be acquired by totalitarian governments that could use them for surveillance and to track opponents. An attacker could use them to install any application that could allow to track individuals, including spyware and surveillance software.

Apple users have no choice, the must hope that security experts at Apple will find the zero-day bug and will fix it before someone could exploit it in the wild.

[adrotate banner=”9″]

 

Pierluigi Paganini

(Security Affairs – Apple zero-day, hacking)


facebook linkedin twitter

Apple exploit Hacking iOS 9 iPhone jailbreak zero-Day Zerodium

you might also like

Pierluigi Paganini July 27, 2025
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55
Read more
Pierluigi Paganini July 27, 2025
Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

    Malware / July 27, 2025

    Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

    Breaking News / July 27, 2025

    Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

    Cyber Crime / July 26, 2025

    Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

    Intelligence / July 26, 2025

    Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

    Intelligence / July 25, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT