Somebody Just Claimed a $1 Million Bounty For Hacking the iPhone (vice.com)
citadrianne writes with news that security startup Zerodium has just paid a group of hackers $1 million for finding a remote jailbreak of an iPhone running iOS 9. Vice reports: "Over the weekend, somebody claimed the $1 million bounty set by the new startup Zerodium, according to its founder Chaouki Bekrar, a notorious merchant of unknown, or zero-day, vulnerabilities. The challenge consisted of finding a way to remotely jailbreak a new iPhone or iPad running the latest version of Apple's mobile operating system iOS (in this case iOS 9.1 and 9.2b), allowing the attacker to install any app he or she wants with full privileges. The initial exploit, according to the terms of the challenge, had to come through Safari, Chrome, or a text or multimedia message. This essentially meant that a participant needed to find a series, or a chain, of unknown zero-day bugs."
Nope. The title and summary of this article don't stress the important point: that it's purely browser-based. Visit the wrong website and you're compromised. Since the company is selling the exploit to the highest bidder, I'm sure it will be used to develop malware that is undetectable. Thanks, Apple!
Apple's QA is described perfectly in the phrase I've come to use whenever any news like this comes out:
"You're holding it wrong."
All you need to know about Apple and what passes for their QA is summed up in those four words.
Your iPhone gets hacked due to their poor security? "You're holding it wrong."
Your phone bends in your pocket because they didn't bother using enough material? "You're holding it wrong."
Your iPhone gets terrible battery life because you didn't luck out in the chip lottery? "You're holding it wrong."
Your screen gets terrible splotches all over it due to a manufacturing defect with one of the screen manufacturers? "You're holding it wrong."
Apple doesn't fix bugs. The big new feature in iOS 9.1 was the burrito emoji.