Someone just found an iOS zero-day vulnerability that could allow an attacker to remotely hack your iPhone running the latest version of iOS, i.e. iOS 9.
Yes, an unknown group of hackers has sold a zero-day vulnerability to Zerodium, a startup by French-based company Vupen that Buys and Sells zero-day exploits.
And Guess what, in How much?
$1,000,000. Yes, $1 Million.
Last month, a Bug bounty challenge was announced by Zerodium for finding a hack that must allow an attacker to remotely compromise a non-jailbroken Apple device through:
- A web page on Safari or Chrome browser,
- In-app browsing action, or
- Text message or MMS.
Zerodium's Founder Chaouki Bekrar confirmed on Twitter that an unnamed group of hackers has won this $1 Million Bounty for sufficiently submitting a remote browser-based iOS 9.1/9.2b Jailbreak (untethered) Exploit.
NO More Fun. It's Serious Threat to iOS Users
For those who are not aware, this remote Jailbreak is not really cool.
Why? Because…
The only difference between a malicious cyber attack and Jailbreak is – Payload, the code that executes on target system after exploitation.
A traditional jailbreak process is usually used to deploy an alternative App Store, but in hands of Hackers or law enforcement agencies, the same exploit can allow them to install any app they want with full privileges i.e. Spyware, Malware or Surveillance software.
Moreover, We know that Zerodium's parent company Vupen develops hacking techniques based on those bugs and typically sells them to multiple government customers.
Also Read: For Better Privacy & Security, Change these iOS 9 Settings Immediately.
Also Read: For Better Privacy & Security, Change these iOS 9 Settings Immediately.
So, the chances are high that the firm will resell the newly discovered and undisclosed remote iOS zero-day jailbreak exploit to its clients, which are said to include Spy agencies, Governments, and Law enforcement agencies.
Your Turn, Apple…
Let's see how much time Apple security team will now take to find out this open zero-day bug in its software and close the doors before it gets too late.