The deadline for Zerodium’s iOS 9 bug bounty officially ended last month, and the company announced today that one team managed to claim the million-dollar prize by providing an improbable hack that allows attackers to remotely jailbreak the newest iPhone operating system.
It appears Apple’s arrogance is getting in the way of protecting its users from a long-standing SMS exploit that could allow potential hackers to spoof a reply-to number, causing the recipient to think he/she is replying to a legitimate contact, when in reality, their information is being sent to the hacker’s designated address. As you can imagine, this is quite troublesome, yet Apple has brushed it away despite numerous pleas made by a well-known iOS hacker (pod2g):
Setting up a passcode for your iOS device is one of the first steps you can take to keep your data safe. It prevents access to your device, blocking unauthorized users from accessing your personal data, photographs, contacts, messages, and anything else you have stored inside.
However, that passcode lock is useless when it comes up against a piece of software called XRY from the Swedish security firm Micro Systemation. With XRY, your personal data, call logs, GPS location data, contacts, and even keystrokes can all be extracted and decrypted in under ten minutes.
Despite a message posted to Twitter by Pod2g earlier this week, suggesting an untethered jailbreak for the iPhone 4S was less than a week away from public release, a new blog post detailing the iOS hacker’s process indicates the exploit could still be weeks away.
Pod2g has revealed that his new exploit requires a developer account to inject the necessary files to your device, and until he finds a way around this, the hack will not see a public release.
We told you a couple of hours ago about security guru Charlie Miller’s new iOS vulnerability that allows an approved App Store app to run unsigned code remotely. Miller has been hacking Apple’s products for years, and this most recent bug is a particularly nefarious exploit that could be used for all kinds of evil purposes.
Charlie Miller is one of the good guys, however, and he is planning to show his cards at the SyScan conference in Taiwan next week. The ends don’t always justify the means in this case, as Apple has now kicked Miller out of the App Store and iOS Developer Program.