Slashdot Mirror


Somebody Just Claimed a $1 Million Bounty For Hacking the iPhone (vice.com)

citadrianne writes with news that security startup Zerodium has just paid a group of hackers $1 million for finding a remote jailbreak of an iPhone running iOS 9. Vice reports: "Over the weekend, somebody claimed the $1 million bounty set by the new startup Zerodium, according to its founder Chaouki Bekrar, a notorious merchant of unknown, or zero-day, vulnerabilities. The challenge consisted of finding a way to remotely jailbreak a new iPhone or iPad running the latest version of Apple's mobile operating system iOS (in this case iOS 9.1 and 9.2b), allowing the attacker to install any app he or she wants with full privileges. The initial exploit, according to the terms of the challenge, had to come through Safari, Chrome, or a text or multimedia message. This essentially meant that a participant needed to find a series, or a chain, of unknown zero-day bugs."

100 comments

  1. Stolen Work by WankerWeasel · · Score: 1

    Looks like they just used the 9.1 jailbreak released a couple weeks ago and claimed the reward after reverse engineering it.

    1. Re:Stolen Work by Anonymous Coward · · Score: 5, Interesting

      Nope. The title and summary of this article don't stress the important point: that it's purely browser-based. Visit the wrong website and you're compromised. Since the company is selling the exploit to the highest bidder, I'm sure it will be used to develop malware that is undetectable. Thanks, Apple!

    2. Re:Stolen Work by Anonymous Coward · · Score: 0

      Nope. The title and summary of this article don't stress the important point:

      ?
      You mean this line from the summary? The initial exploit, had to come through Safari, Chrome, or a text or multimedia message.

    3. Re:Stolen Work by Anonymous Coward · · Score: 0

      Thanks, Apple and Google. (The exploit is via Chrome)

    4. Re: Stolen Work by Anonymous Coward · · Score: 5, Insightful

      Chrome on iOS isn't actually Chrome. All the rendering is done by Safari, since Apple's App Store rules don't permit 3rd party web renderers.

      Consider Chrome on iOS to be 'Safari with a shell that syncs bookmarks'.

    5. Re:Stolen Work by phantomfive · · Score: 1

      Since the company is selling the exploit to the highest bidder, I'm sure it will be used to develop malware that is undetectable.

      It might have been bought by the NSA, or other country's spy group.

      --
      "First they came for the slanderers and i said nothing."
    6. Re: Stolen Work by Anonymous Coward · · Score: 0

      It is still a different attack vector, however. It probably has nothing to do with the HTML rendering engine or JavaScript runtime, or they would have chosen the native browser to deliver the exploit.

    7. Re:Stolen Work by tsa · · Score: 1

      It might be bought by Apple so they can find out how to patch it.

      --

      -- Cheers!

    8. Re: Stolen Work by shitzu · · Score: 1

      There is no 9.1 jailbreak released. Jailbreak was released for up to 9.0.2 and with 9.1 Apple "fixed" it.

    9. Re: Stolen Work by Anonymous Coward · · Score: 0

      Moo?

    10. Re:Stolen Work by Anonymous Coward · · Score: 0

      Or some guy from the NSA has just earned a million dollars.

    11. Re: Stolen Work by michelcolman · · Score: 1

      If Chrome is just a Safari wrapper, why didn't the hackers just use Safari then? An exploit using the browser used by the vast majority of iOS users is surely more useful than one used only by those who installed Chrome? Most iOS users hardly know what a web browser is, they just know the blue compass icon gets them onto the internet.

      So no, the exploit seems to be specific to Chrome. That's no excuse for Apple (no hijacked app should be able to install apps), but Google does share a small part of the blame.

    12. Re: Stolen Work by BasilBrush · · Score: 2

      Safari is an app. The Apple webview that Chrome and all other apps with webview use is built on WebKit.

      A browser (such as Safari or Chrome) does a fair number of other things than bookmarks. And a webview isn't just a black box. It has callbacks to the app for all manner of events, and options.

      If the exploit is specifically on Chrome and not Safari, then it's probably but not definitely, Google's fault.

    13. Re: Stolen Work by chrispix · · Score: 0

      Even if it were Chrome only, and not Safari, how could it be Google's fault... Ultimately it is iOS which failed sandboxing...

    14. Re: Stolen Work by Anonymous Coward · · Score: 0

      If the exploit requires Google code (Chrome for iOS) to be successful, how is it *not* Google's fault, at least in part?

    15. Re: Stolen Work by Anonymous Coward · · Score: 1

      If the exploit is specifically on Chrome and not Safari, then it's probably but not definitely, Google's fault.

      If an exploit in a sandboxed application can compromise the security of the entire system then it most definitely is Apple's fault for the poor security design of their system that fails to properly sandbox applications.

    16. Re: Stolen Work by exomondo · · Score: 2

      If the exploit requires Google code (Chrome for iOS) to be successful, how is it *not* Google's fault, at least in part?

      It is to a degree, but the main point of a "sandbox" is to prevent an application's security vulnerability from compromising the whole OS. If the application is properly sandboxed then whether it is secure or not shouldn't matter with respect to the security of the OS.

  2. interesting by fattmatt · · Score: 2

    The popcorn you are eating has been pissed in. Film at eleven.

  3. Exploit will be sold, kept secret from Apple by Anonymous Coward · · Score: 5, Insightful

    Unlike the last drive-by exploit (jailbreakme.com, several years ago), this one won't be used to create a jailbreak for users. Instead, the company plans to keep it secret from Apple, selling it to nefarious organizations such as “major corporations in defense, technology, and finance”. I'm sure that also includes government organizations.

    Lovely. If Apple had a bug bounty program, maybe the hacker would have sold it to them. Instead, their hubris sees them shut out, and their millions of users completely vulnerable.

    1. Re:Exploit will be sold, kept secret from Apple by Anonymous Coward · · Score: 1

      It's because they don't have the money... oh wait

    2. Re:Exploit will be sold, kept secret from Apple by postbigbang · · Score: 3, Insightful

      Apple's QA erodes further. They didn't pay bug bounties because they had the churl to believe in their own invincibility..... and like so many others, will meet their matches in new and interesting ways.

      --
      ---- Teach Peace. It's Cheaper Than War.
    3. Re:Exploit will be sold, kept secret from Apple by Anonymous Coward · · Score: 1, Interesting

      Apple's QA is described perfectly in the phrase I've come to use whenever any news like this comes out:

      "You're holding it wrong."

      All you need to know about Apple and what passes for their QA is summed up in those four words.

      Your iPhone gets hacked due to their poor security? "You're holding it wrong."
      Your phone bends in your pocket because they didn't bother using enough material? "You're holding it wrong."
      Your iPhone gets terrible battery life because you didn't luck out in the chip lottery? "You're holding it wrong."
      Your screen gets terrible splotches all over it due to a manufacturing defect with one of the screen manufacturers? "You're holding it wrong."

      Apple doesn't fix bugs. The big new feature in iOS 9.1 was the burrito emoji.

    4. Re:Exploit will be sold, kept secret from Apple by Anonymous Coward · · Score: 0

      Apple's QA erodes further. They didn't pay bug bounties because they had the churl to believe in their own invincibility..... and like so many others, will meet their matches in new and interesting ways.

      It's hubris, not churi - look it up.

    5. Re:Exploit will be sold, kept secret from Apple by postbigbang · · Score: 1

      You're right. I sit corrected.

      --
      ---- Teach Peace. It's Cheaper Than War.
    6. Re:Exploit will be sold, kept secret from Apple by gl4ss · · Score: 2

      well, every version of safari so far has had remote execution bugs in it.

      it's kind of puzzling how many they can have, actually, or if they just keep adding shit that creates new holes.

      --
      world was created 5 seconds before this post as it is.
    7. Re: Exploit will be sold, kept secret from Apple by shitzu · · Score: 1

      Why bother paying bug bounties if you can let other people (jailbreakers) pay for them or discover them for free?
      And if you call Apple's IOS "terrible security", what do you call all the other phone OSes? Because IOS is currently most secure of them thanks to the jailbreaking/fixing rat race letting even certain South African murderers off the hook.
      For all we know, this might be just a publicity stunt. I don't even remember when we last had a browser based jailbreak that did not require cabled connection - ios 6?

    8. Re:Exploit will be sold, kept secret from Apple by Anonymous Coward · · Score: 1

      So a problem that was confined to the first generation iPhone 4 (I have a 4S that I still use at the gym and it is still going strong -battery life with everything turned on is still > 20 hours- and when it was my primary phone, I would hold it like a roll of quarters and I never had a problem) and a problem created by faking the video -in actuality, only 6 of the 13 million sold on the first weekend had the problem; only 9 if you count the ones that no one at Apple got to see because they were never sent in to be exchanged. I have no doubt that you are an android user who has never heard of what once was the open handset project and one that probably has never tried to bend a Samsung Galaxy S (III, IV, or V) because if you had, you would know that ABS and Polyethylene do break and the snap is very real, loud enough, and unlike a bend, renders the née phone useless and very, very, sharp. I also have no doubt that you are an android user because anyone that has had any contact with Apple customer service has had either a fantastic initial customer experience or a fantastic experience with a supervisor and (naturally, depending on the problem) zero chance of ever coming in contact with that employee. Both the battery issue (does make for a slightly faster phone) and the screen issues are things that you can take to the Apple Store and I think you would be pleasantly surprised --well, if you HAD an iPhone.

      Before I am dismissed by the simplistic label: "fanboy", I am, first and foremost, a fan of UNIX; however, I am a particular sort that would rather not think on Friday or Saturday if I can help it and OS X is a Single UNIX Specification (SUS 3 ~POSIX 2001) compliant UNIX and a very well put together one at that. FreeBSD is excellent but would force me to think on days off so I use it as a secondary OS with Debian (Only THE REAL THING will do, STABLE & SECURE!). iOS frees me from the security bottomless pit that is android. Sure, there may be one or two exploits out there for iOS but there are THOUSANDS for android so unless Blackberry (RIM was a better name) suddenly rises from the grave with all their security intact, iOS is the better choice.

      Apple will have an update out within a few days and dumb people are everywhere so some people will fall through the cracks but consider the android users that are still using some form of Kit Kat because their carrier simply has not rolled out an update. Even Samsung's vaunted Galaxy series depends on both Samsung and the carrier providing an update and the carrier has to choose to OTA Samsung's update to you. If they don't, you are out of luck unless you are tech savvy enough to change the ENTIRE OS yourself to Marshmallow and maintain it yourself.

      Several people (over my objections, naturally) in my family have Galaxies and the latest Samsung update is to a mid cycle lollypop and their phones will break rather than bend (I do think that even 1000 out of 13 million would still be awesome quality control --that is Honda level quality) but by all means, enjoy your android phone, I really like the IR emitter in the Galaxy IV and I miss being able to change the channel at the sports bar without waiting for the waitress. Android phones have some good features; of that, there can be no doubt. However, once again, you demonstrate that you do not own an iOS device because there is a whole lot more than an emoji that is new or significantly improved.

    9. Re: Exploit will be sold, kept secret from Apple by exomondo · · Score: 1

      Why bother paying bug bounties if you can let other people (jailbreakers) pay for them or discover them for free?

      If you read the top level comment of this discussion thread you will see exactly why.

    10. Re: Exploit will be sold, kept secret from Apple by shitzu · · Score: 1

      All this assumes that this press release is real. That somebody did really find this exploit. Which sounds very unlikely. It has publicity bullshit written all over it.

    11. Re:Exploit will be sold, kept secret from Apple by Anonymous Coward · · Score: 0

      However, once again, you demonstrate that you do not own an iOS device because there is a whole lot more than an emoji that is new or significantly improved.

      Name something.

      Go ahead.

      I'll wait.

      Wait, don't tell me, you're holding your phone wrong so you can't find anything worth mentioning. (Because the "big new thing" in 9.1 has nothing to do with iOS - 9.1 adds support for WatchOS 2. You know, for that smart watch no one owns. Security fixes? No. Bug fixes? No. Bigger ads for Apple Music? Yes! Bigger ads for a watch no one in their right mind would buy? Yes!)

    12. Re: Exploit will be sold, kept secret from Apple by exomondo · · Score: 1

      Which sounds very unlikely.

      Yes of course, because Apple just doesn't have bugs so it would be very unlikely that somebody would find one even if offered a million dollars to do so.

      It has publicity bullshit written all over it.

      Well obviously the company that paid it out is going to want to recoup their investment so they will publicize it. If they had nothing then there is nothing to publicize.

    13. Re: Exploit will be sold, kept secret from Apple by shitzu · · Score: 1

      Which sounds very unlikely.

      Yes of course, because Apple just doesn't have bugs so it would be very unlikely that somebody would find one even if offered a million dollars to do so.

      No. Apple has had bugs aplenty. But we've been hearing for quite some time that the jailbreaking is getting harder and harder. And that by teams of people who have spent years and years on it. We have not seen a browser based jailbreak for quite a long time and it is extremely unlikely, that there is one now.

      Well obviously the company that paid it out is going to want to recoup their investment so they will publicize it. If they had nothing then there is nothing to publicize.

      What I'm saying is that they are just lying, about the jailbreak as well as the payout. For publicity.

      I am not saying that jailbreaking is impossible due to the high standards of programming at Apple. I am saying that these guys are just bullshitting.

    14. Re: Exploit will be sold, kept secret from Apple by exomondo · · Score: 1

      We have not seen a browser based jailbreak for quite a long time and it is extremely unlikely, that there is one now.

      Why? We had remote jailbreaks in ios7 just last year, what has changed since then that makes it "extremely unlikely" now?

      What I'm saying is that they are just lying, about the jailbreak as well as the payout. For publicity.

      That makes no sense. The publicity is centered around this one thing, if they can't deliver it to the people they are publicizing it to then they just expose themselves as idiots.

      I am saying that these guys are just bullshitting.

      Just because you don't like the idea of it.

    15. Re: Exploit will be sold, kept secret from Apple by shitzu · · Score: 1

      What I'm saying is that they are just lying, about the jailbreak as well as the payout. For publicity.

      That makes no sense. The publicity is centered around this one thing, if they can't deliver it to the people they are publicizing it to then they just expose themselves as idiots.

      Well here's the catch. No one will be able to prove that they have NOT sold it to anyone. So there is no risk of exposing themselves as idiots.

      IOS jailbreaks have a very short window of usefulness. For instance last jailbreak on the latest IOS9 was only "current" for a week or two (from the release of jailbreak to the release of 9.1). So all this will expire extremely fast, but the publicity remains. Many news articles carrying their name as people who pay millions for vulnerabilities and also people who supposedly have vulnerability info that can be used. That "market recognition" can be monetized later much more easily than a certain exploit on a certain IOS version with a certain browser that only a minority of people have installed.

      I am saying that these guys are just bullshitting.

      Just because you don't like the idea of it.

      I don't like the idea of what? I have not expressed any like or dislike towards either jailbreaking as such or this exploit buying matter. I am just saying it smells like a publicity bullshit.

    16. Re:Exploit will be sold, kept secret from Apple by Anonymous Coward · · Score: 0

      However, once again, you demonstrate that you do not own an iOS device because there is a whole lot more than an emoji that is new or significantly improved.

      Name something.

      Go ahead.

      I'll wait.

      https://support.apple.com/kb/D... . gee, that was hard to find.

    17. Re:Exploit will be sold, kept secret from Apple by Anonymous Coward · · Score: 0

      well, every version of chrome so far has had remote execution bugs in it.

      it's kind of puzzling how many they can have, actually, or if they just keep adding shit that creates new holes.

      FTFY

    18. Re: Exploit will be sold, kept secret from Apple by exomondo · · Score: 1

      Well here's the catch. No one will be able to prove that they have NOT sold it to anyone. So there is no risk of exposing themselves as idiots.

      Except to their potential customers to whom they have nothing to sell.

      IOS jailbreaks have a very short window of usefulness. For instance last jailbreak on the latest IOS9 was only "current" for a week or two (from the release of jailbreak to the release of 9.1). So all this will expire extremely fast, but the publicity remains.

      No, if you read what they do it is selling the exploits to government agencies so it won't be publicly disclosed as a jailbreak.

      I am just saying it smells like a publicity bullshit.

      And like I said, that makes absolutely no sense whatsoever. If they have nothing to offer then publicity is pointless.

    19. Re: Exploit will be sold, kept secret from Apple by shitzu · · Score: 1

      Well here's the catch. No one will be able to prove that they have NOT sold it to anyone. So there is no risk of exposing themselves as idiots.

      Except to their potential customers to whom they have nothing to sell.

      "We have sold it to customer Y exclusively, but come to us with any other needs"

      IOS jailbreaks have a very short window of usefulness. For instance last jailbreak on the latest IOS9 was only "current" for a week or two (from the release of jailbreak to the release of 9.1). So all this will expire extremely fast, but the publicity remains.

      No, if you read what they do it is selling the exploits to government agencies so it won't be publicly disclosed as a jailbreak.

      Government agencies do not need exploits, they can order a backdoor, and probably have.

      I am just saying it smells like a publicity bullshit.

      And like I said, that makes absolutely no sense whatsoever. If they have nothing to offer then publicity is pointless.

      In a world where Kardashians exist? Publicity is worth much more than any exploit or deliverable good or service.

    20. Re: Exploit will be sold, kept secret from Apple by exomondo · · Score: 1

      "We have sold it to customer Y exclusively, but come to us with any other needs"

      If they have nothing to sell that is pointless, what are they going to offer?

      Government agencies do not need exploits, they can order a backdoor, and probably have.

      Yes of course, maybe you should take your idea to all those agencies complaining about the inability to access seized Apple devices.

      In a world where Kardashians exist? Publicity is worth much more than any exploit or deliverable good or service.

      So you don't actually know or have any idea at all, your answer is just "because of the Kardashians".

    21. Re: Exploit will be sold, kept secret from Apple by shitzu · · Score: 1

      Yes, you've nailed it, your reading skills are excellent. Because of the Kardashians.

    22. Re: Exploit will be sold, kept secret from Apple by exomondo · · Score: 1

      Yes, you've nailed it, your reading skills are excellent. Because of the Kardashians.

      Well that is what you said: "In a world where Kardashians exist? Publicity is worth much more than any exploit or deliverable good or service.", it's complete and utter rubbish but it is what you said.

  4. Is that the price of viral news stories these days by JoeyRox · · Score: 1

    If it looks like BS, sounds like BS, and smells like BS, then it's probably some stupid marketing exec's scheme to drum up publicity.

  5. The NSA circumventing security measures? by ZipK · · Score: 1

    This exploit would allow [the NSA and CIA] to get around any security measures and get into the target’s iPhone to intercept calls, messages, and access data stored in the phone.

    The NSA and CIA are going to circumvent technological measures in contravention of the DMCA? Does the FBI know about this?

    1. Re:The NSA circumventing security measures? by viperidaenz · · Score: 1

      They're not circumventing digital rights management systems
      Can you explain how this would violate the DMCA?

    2. Re: The NSA circumventing security measures? by Anonymous Coward · · Score: 0

      You're modifying a device in ways unintended by the manufacturer. That's enough to be a DMCA violation.

    3. Re: The NSA circumventing security measures? by NotQuiteReal · · Score: 1

      in ways unintended by the manufacturer

      It works that way, it was manufactured, it passed QA and was sold. Of course it was intended to work that way. Q.E.D.

      --
      This issue is a bit more complicated than you think.
    4. Re:The NSA circumventing security measures? by BasilBrush · · Score: 1

      Even if this did otherwise come under the DMCA, there's probably an exception in the law for US security services.

    5. Re: The NSA circumventing security measures? by macs4all · · Score: 1

      in ways unintended by the manufacturer It works that way, it was manufactured, it passed QA and was sold. Of course it was intended to work that way. Q.E.D.

      What a maroon!

      Just because something SLIPS THROUGH QA, doesn't mean it was INTENDED.

      Fucking Fucktard.

      And then you have the hubris to feign knowledge of Latin...

  6. iphone hack by Anonymous Coward · · Score: 5, Funny

    This story is just ludicrous. I mean come on, really.

    -- Sent from my iPhone

    **Buy penis enlargement pills and viagra CHEAP! www.haxorezhackedme.com/viagra1.asp

  7. Laugh by koan · · Score: 1

    The NSA is furious!

    --
    "If any question why we died, Tell them because our fathers lied."
    1. Re:Laugh by PRMan · · Score: 1

      Yeah, now they have to pay a few million to have it delivered to them on a silver platter. What a bummer!

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
    2. Re:Laugh by Synapse001 · · Score: 1

      Yeah, now they have to pay a few million to have it delivered to them on a silver platter. What a bummer!

      You mean now they have to go through all the data they already collected on Zerodium to get the hack for free.

    3. Re:Laugh by macs4all · · Score: 1

      Yeah, now they have to pay a few million to have it delivered to them on a silver platter. What a bummer!

      If you're talking about the NSA, You mean:

      "Yeah, now we have to pay a few million to have it delivered to them on a silver platter."

      FTFY.

  8. Doesn't make sense to publicize by Anonymous Coward · · Score: 3, Insightful

    Surely an unknown zero-day remote exploit would be worth more than a publicized one?

    If you are in the business of buying zero-days and selling to the highest bidder, it doesn't make sense to let Apple know that one is found. A much better approach is to require anyone claiming the bounty to keep quiet, so the buyer can use the zero-day for much longer before anyone notices.

    1. Re:Doesn't make sense to publicize by AHuxley · · Score: 2

      It can be about attracting and buying up skills. The more people know who is buying, the prices and that people from around the world will be trusted to buy and sell long term, the better branding for the bounty system.
      Better to attract ten new ways in from different skilled creators than hope a good hidden method stays open.

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:Doesn't make sense to publicize by KGIII · · Score: 2

      Interestingly enough, I notice the lack of three people who constantly scream about their iDevices and how glorious they are. Ah well... I don't have anything against Apple but I do find some of their believers to be a bit much. I'd think it a bit more honest of them to come in here and accept the music rather than trying to minimize it or ignore it.

      Yeah, it has a security issue. So? Everything out there probably does. Give someone incentive and it will be found. Nothing is secure. Blindly following a greedy corporation is just silly.

      --
      "So long and thanks for all the fish."
    3. Re:Doesn't make sense to publicize by Proaxiom · · Score: 1

      Indeed. Anybody paying for exploits or vulnerabilities is also paying for exclusivity. Even the vendor bug bounty programs, which constitute the moral high ground in disclosing security problems, don't pay out unless you keep it quiet until they issue a patch.

    4. Re:Doesn't make sense to publicize by Anonymous Coward · · Score: 0

      This is a very successful name recognition campaign for Zerodium.

      and it worked

    5. Re:Doesn't make sense to publicize by macs4all · · Score: 1

      Interestingly enough, I notice the lack of three people who constantly scream about their iDevices and how glorious they are. Ah well... I don't have anything against Apple but I do find some of their believers to be a bit much. I'd think it a bit more honest of them to come in here and accept the music rather than trying to minimize it or ignore it.

      Yeah, it has a security issue. So? Everything out there probably does. Give someone incentive and it will be found. Nothing is secure. Blindly following a greedy corporation is just silly.

      Well, if it is only accessible through Chrome, then it is more likely a Chrome vulnerability than an iOS one. But it still sounds fairly "real".

      The question is, is this something that is exploitable as a "Drive-By", or does it have so many moving parts that the only people that will be "exploited" will be those who WANT to JailBreak their iPhones?

      Oh, and now, who were the other two? ;-)

    6. Re:Doesn't make sense to publicize by Anonymous Coward · · Score: 0

      Well, if it is only accessible through Chrome, then it is more likely a Chrome vulnerability than an iOS one.

      If the security of the system can be compromised via a supposedly sandboxed application then it is most definitely the fault of the operating system that implements that failed sandbox.

    7. Re:Doesn't make sense to publicize by macs4all · · Score: 1

      Well, if it is only accessible through Chrome, then it is more likely a Chrome vulnerability than an iOS one.

      If the security of the system can be compromised via a supposedly sandboxed application then it is most definitely the fault of the operating system that implements that failed sandbox.

      And as I was entering my comment, that is exactly what I was thinking, too. HOWEVER, I broke the rules and actually read TFA, and there are so few details that there is absolutely no way to verify that it isn't all a complete lie, or even if it is true, that the exploit doesn't require active participation by the user.

    8. Re:Doesn't make sense to publicize by Anonymous Coward · · Score: 0

      And as I was entering my comment, that is exactly what I was thinking, too. HOWEVER, I broke the rules and actually read TFA, and there are so few details that there is absolutely no way to verify that it isn't all a complete lie, or even if it is true, that the exploit doesn't require active participation by the user.

      Well yes that is the nature of a secret vulnerability, you really think they are going to describe to you how it works? It isn't going to be worth much if it isn't as described. Regardless, if it is what they say it is then it absolutely is a failure of iOS's application sandbox.

  9. Zerodium marketing ploy by Anonymous Coward · · Score: 1

    Sounds like a Zerodium marketing ploy. After all they've just set up, offered $1 MEELLION, make a fake payout, free publicity...
    Now they have an exploit worth $1 MEALYON, at least in publicity terms.

    Or perhaps they've been paid to attack the trust in iPhone by creating the illusion of a well hacked phone.

    > "Over the weekend, somebody claimed the $1 million bounty set by the new startup Zerodium, according to its founder Chaouki Bekrar, a notorious merchant of unknown, or zero-day, vulnerabilities."

    So basically startup says it has a hack and paid $1 million to buy it. Apple should now sue them to get the hack and reveal the smear.

    1. Re: Zerodium marketing ploy by Anonymous Coward · · Score: 0

      Why would Apple have the right to sue someone or a business for gathering intel on how their product sucks/is inferior/is vulnerable? If I offered 10 dollars for someone to prove or convince me that White Castle or McDonald's is not the healthiest choice of restaurants... do they have the right to sue me for character defamation, revealing internal secrets, or some other bs?

    2. Re: Zerodium marketing ploy by Anonymous Coward · · Score: 0

      Depends on the jurisdiction. In the UK, or so I hear, you can be sued for defamation even if your allegations are factual in nature.

      In the US you are generally immune from prosecution if you report something factual even if it is not in some entity's best interests. Freedom of speech and all.

    3. Re:Zerodium marketing ploy by Anonymous Coward · · Score: 0

      My thoughts exactly, well done Zerodium, congrats on the successful trolling of most tech publications out there (including /. )

    4. Re:Zerodium marketing ploy by Anonymous Coward · · Score: 0

      Man, listen to what you are saying. Months ago a simple crafted SMS message would instantly reboot the iPhone... come on, iOS is as buggy (if not more) as any other phone OS.

      You need to stop sucking Jobs dead, putrid balls.

    5. Re:Zerodium marketing ploy by Zontar+The+Mindless · · Score: 1
      --
      There is no Planet B.
    6. Re:Zerodium marketing ploy by macs4all · · Score: 1

      > Man, listen to what you are saying. Months ago a simple crafted SMS message would instantly reboot the iPhone

      From what I heard from people trying it, it was anything BUT "simple crafted".

    7. Re:Zerodium marketing ploy by Anonymous Coward · · Score: 0

      Don't forget that Android had the recent Stagefright vulnerability through SMS too.

    8. Re:Zerodium marketing ploy by Anonymous Coward · · Score: 0

      Oh well, I rebooted my work colleagues' iPhones literally hundreds of times. Sometimes the phones spent only seconds turned on between reboots. It was child's play once you knew what you needed to send.

      Anyway, I think the GP's point is... phone OSes have bugs and plenty of them. There's no reason to believe that Apple is different and just crazy distortion field driven fanboyism would justify thinking the contrary.

    9. Re:Zerodium marketing ploy by macs4all · · Score: 1

      > Oh well, I rebooted my work colleagues' iPhones literally hundreds of times. Sometimes the phones spent only seconds turned on between reboots.

      That's just cruel! ;-)

  10. Exploit is through Chrome browser by romanval · · Score: 1

    It's dubious how much that exploit is worth... as Chrome is not preinstalled on any iOS device. Apple can just ban the app until it gets a security update.

    1. Re: Exploit is through Chrome browser by Anonymous Coward · · Score: 0

      As many have already pointed out before, Chrome on iOS is just a skin for Safari since Apple doesn't allow 3rd party browser engines.

    2. Re: Exploit is through Chrome browser by JaredOfEuropa · · Score: 2

      The vulnerability appears to rely on Chrome though, not Safari.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    3. Re:Exploit is through Chrome browser by Anonymous Coward · · Score: 0

      I'm sure Apple loves this announcement. "Don't install Chrome, it is the evils!"

    4. Re: Exploit is through Chrome browser by Anonymous Coward · · Score: 0, Insightful

      RTFA, works on Safari, Chrome, SMS or MMS

    5. Re: Exploit is through Chrome browser by LordKronos · · Score: 1, Flamebait

      > RTFA, works on Safari, Chrome, SMS or MMS

      Perhaps you should RTFA more carefully. If you did, you'd notice that TFA mentions the challenge required that the exploit work through one of those 4 mechanisms, but the actual exploit itself only works through Chrome (or at least that's the only one mentioned specifically).

    6. Re: Exploit is through Chrome browser by Anonymous Coward · · Score: 0

      No, it was the contest that specified that the initial exploit, according to the terms of the challenge, had to come through Safari, Chrome, OR a text or multimedia message. TFA states that the team found vulnerabilities in Chrome and iOS suggesting that they used Chrome as their vector of attack.

    7. Re:Exploit is through Chrome browser by ArchieBunker · · Score: 1

      I thought Apple wouldn't let other browsers run on iOS? Everything else was just a skin for Safari.

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    8. Re: Exploit is through Chrome browser by Anonymous Coward · · Score: 1

      Chrome and Safari are both based on WebKit, but their underlying tech (JavaScript compiler, process management, etc.) is different; hence why the exploit only works in Chrome.

    9. Re:Exploit is through Chrome browser by angel'o'sphere · · Score: 1

      AFAIK Chrome uses the same rendering engine as Safari, so what is the point in banning it?
      Where would be the extra exploit path in Chrome versus Safari? IMHO there is none.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    10. Re:Exploit is through Chrome browser by SpectreBlofeld · · Score: 1

      Just because Chrome uses the same renderer as Safari doesn't mean that the apps are identical in every way.

    11. Re:Exploit is through Chrome browser by romanval · · Score: 1

      The rendering engine is the same (WebKit), but the JavaScript interpreter/JIT is different; Safari uses Nitro, which non-Safari apps can't use.

    12. Re: Exploit is through Chrome browser by Anonymous Coward · · Score: 0

      Sounds like a good reason to use Firefox.

    13. Re:Exploit is through Chrome browser by tlhIngan · · Score: 1

      > The rendering engine is the same (WebKit), but the JavaScript interpreter/JIT is different; Safari uses Nitro, which non-Safari apps can't use.

      The reason for this is Nitro compiles JavaScript code to native code, something most high end JavaScript engines do these days. But that introduces an obvious security hole, so what Apple did was sandbox Safari even more so Safari can't do things that regular applications can to avoid security issues.

      Regular UIWebView applications can't use this because it would be too limiting an environment, so they use a safer interpreter to do it.

      The real question becomes - is it a bug in UIWebView, or is it a series of bugs that exploit UIWebView and then Chrome itself, so that any change could easily disrupt the bug?

    14. Re: Exploit is through Chrome browser by macs4all · · Score: 1

      > As many have already pointed out before, Chrome on iOS is just a skin for Safari since Apple doesn't allow 3rd party browser engines.

      Um, apparently NOT; since Safari doesn't do it, and Chrome does.

    15. Re:Exploit is through Chrome browser by david_thornley · · Score: 1

      AIUI, Apple doesn't allow other rendering engines, so all the browsers have to use the iOS version of Webkit. That leaves room for a lot of differences.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    16. Re: Exploit is through Chrome browser by Anonymous Coward · · Score: 0

      such a thing cannot exist

    17. Re:Exploit is through Chrome browser by Anonymous Coward · · Score: 0

      > I'm sure Apple loves this announcement. "Don't install Chrome, it is the evils!"

      What do you mean, "loves this"? They paid a million for it...

    18. Re: Exploit is through Chrome browser by Anonymous Coward · · Score: 0

      Just curious, do you know if the regular "Google" app on iOS has the same vulnerability as Chrome?
      I don't use Chrome on iOS, but I do use the Google app for quick searches and asking questions Siri should know, but doesn't (business hours, etc.).

    19. Re: Exploit is through Chrome browser by macs4all · · Score: 1

      > Just curious, do you know if the regular "Google" app on iOS has the same vulnerability as Chrome? I don't use Chrome on iOS, but I do use the Google app for quick searches and asking questions Siri should know, but doesn't (business hours, etc.).

      Sorry, don't know. My guess would be "no", though.

  11. Apple recouping losses by Anonymous Coward · · Score: 0

    In related news, the same group of hackers was just sued by Apple for 2 million dollars for jailbreaking the iPhone.

  12. Is NSA paying for the bounty perhaps, or.. by Anonymous Coward · · Score: 0

    Is NSA paying for the bounty perhaps, or are all the new 0-days published and fixed?
