Looking for a quick way to become a millionaire? Just try hacking the iPhone.
Software security firm Zerodium revealed today that it has raised the price of its permanent bounty on iOS zero-day exploits, giving hackers a chance to earn up to $1.5 million if their exploit meets all the requirements.
Apple’s Gatekeeper feature was designed to keep even the most advanced users from accidentally installing malicious software on their computers, but a super-simple exploit lets hackers sneak malware onto your Mac.
The exploit was discovered by Patrick Wardle, director of research at security firm Synack. Wardle found that the exploit is made possible thanks to a key design shortcoming in Gatekeeper that lets an attacker use a binary file already trusted by Apple to execute malicious files.
While millions of iPhone users have eagerly upgraded to iOS 9, a new race is on among researchers to find critical flaws in Apple’s software, and they’re throwing around more cash than ever to get hackers to find the holes.
A new security industry firm called Zerodium announced today that it will pay hackers $1 million for a single exploit that allows attackers to break into an iPhone or iPad running iOS 9. The company says its even willing to pay the bounty multiple times, as long as the exploits break through iOS 9’s security flaws a certain way.
iOS security researchers Jan Souček has discovered a new bug in iOS’s mail client that could trick users into accidentally giving attackers their AppleID and password.
The Mail app exploit was discovered at the beginning of 2015, and Apple’s engineers were quickly notified of its existence, but a fix for the bug hasn’t been released in any of the updates following iOS 8.1.2. According to Souček, the bug allows remote HTML content to be loaded, making it possible to build a password collector that looks just like an iCloud sign-in prompt.
Thanks to Apple’s strict software approval process, iOS devices are generally considered some of the most secure. But you might want to be careful about where you plug them in for charging. Researchers at the Georgia Institute of Technology have developed a modified charger capable of installing malware onto any device running Apple’s latest iOS operating system.
Shortly after the evasi0n jailbreak made its much-anticipated debut earlier this week, Apple pushed out its iOS 6.1.1 beta to registered developers. We suspected that the new release would patch the exploits that evasi0n used to hack iOS devices, but fortunately for the many millions of people enjoying its benefits, that’s not the case. At least not yet.
Now that Apple is fixing the in-app purchasing exploit that Russian hacker Alexei Borodin brought to light this week, it seems as if he’s at it again. This time, however, it’s an in-app purchasing hack that works in the Mac App Store.
The method here is similar as the one Borodin used in iOS, with the user installing some fake security certificates and then pointing the Mac’s DNS servers at a false server run by Borodin. The remote server then pretends to be the actual Mac Store and verifies the purchase, bypassing the real system for in-app purchases set up by Apple and use by developers of Mac apps. Borodin claims that this system has allowed approximately 8.4 million free purchases so far.
Jailbreakers who rather foolishly updated to iOS 5.1 shortly after its release earlier this year are still waiting for an exploit that will allow them to reclaim root access to their device. But according to iOS hacker Pod2g, that exploit could only be another month (or two) away.