The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Vupen

Zerodium Offers $1.5 Million Bounty For iOS Zero-Day Exploits

Zerodium Offers $1.5 Million Bounty For iOS Zero-Day Exploits

September 30, 2016Mohit Kumar
Well, there's some good news for Hackers and Bug hunters, though a terrible news for Apple! Exploit vendor Zerodium has tripled its bug bounty for an Apple's iOS 10 zero-day exploit, offering a maximum payout of $US1.5 Million. Yes, $1,500,000.00 Reward. That's more than seven times what Apple is offering (up to $200,000) for iOS zero-days via its private, invite-only bug bounty program. Zerodium, a startup by the infamous French-based company Vupen that buys and sells zero-day exploits to government agencies around the world, previously offered US$500,000 for remote iOS 9 jailbreaks, which was temporarily increased to $1 Million for a competition help by the company last year. The company paid out $1 million contest reward for the first three iOS 9 zero-days in November to an unnamed hacker group, then lowered the price again to $500,000. With the recent release of iOS 10, Zerodium has agreed to pay $1.5 Million to anyone who can pull off a remote jail
Hackers WIN $1 Million Bounty for Remotely Hacking latest iOS 9 iPhone

Hackers WIN $1 Million Bounty for Remotely Hacking latest iOS 9 iPhone

November 02, 2015Swati Khandelwal
Well, here's some terrible news for all Apple iOS users… Someone just found an iOS zero-day vulnerability that could allow an attacker to remotely hack your iPhone running the latest version of iOS, i.e. iOS 9. Yes, an unknown group of hackers has sold a zero-day vulnerability to Zerodium , a startup by French-based company Vupen that Buys and Sells zero-day exploits. And Guess what, in How much? $1,000,000. Yes, $1 Million. Last month, a Bug bounty challenge was announced by Zerodium for finding a hack that must allow an attacker to remotely compromise a non-jailbroken Apple device through: A web page on Safari or Chrome browser, In-app browsing action, or Text message or MMS. Zerodium's Founder Chaouki Bekrar confirmed on Twitter that an unnamed group of hackers has won this $1 Million Bounty for sufficiently submitting a remote browser-based iOS 9.1/9.2b Jailbreak (untethered) Exploit. NO More Fun. It's Serious Threat to iOS Use
Exploit-Selling Firm Kept Internet Explorer Zero-Day Vulnerability Hidden for 3 Years

Exploit-Selling Firm Kept Internet Explorer Zero-Day Vulnerability Hidden for 3 Years

July 24, 2014Mohit Kumar
A French information security company VUPEN has recently disclosed that it held onto a serious Internet Explorer (IE) vulnerability for at least three years before revealing it at the Pwn2Own hacker competition held in March this year. The critical zero-day vulnerability affected versions 8, 9, 10 and 11 of Internet Explorer browser that allowed attackers to remotely bypass the IE Protected Mode sandbox. An attacker can exploit this issue to gain elevated privileges. VULNERABILITY DISCLOSURE TIMELINE According to a disclosure made by the security company last week, the vulnerability with ID  CVE-2014-2777  was discovered by the company on 12 February 2011, which was  patched by Microsoft  last month. 12 February 2011 - IE Zero-day discovered by Vupen. 13 March 2014 - Vupen reported to Microsoft. 11 June 2014 - Microsoft Released patch and publicly released the advisory . Sandbox is security mechanism used to run an application in a restricted environment. If an attacker is ab
NSA bought Hacking tools from 'Vupen', a French based zero-day Exploit Seller

NSA bought Hacking tools from 'Vupen', a French based zero-day Exploit Seller

September 18, 2013Mohit Kumar
The US government, particularly the National Security Agency  has been paying a French security firm for backdoors and zero day hacks. According to a contract newly released in response to a Freedom of Information request, last year the NSA purchased a 12-month subscription to a “ binary analysis and exploits service ” sold by Vupen, a zero-day Exploit Seller based in France. VUPEN is one of a handful of companies that sell software exploits and vulnerability details, who do original vulnerability research and develop exploits for bugs that they find. They Sold those exploits to the Governments and Law enforcement agencies. VUPEN has promised that the company only will sell its services to NATO countries and will not deal with oppressive regimes. It is unclear how much money the NSA spent on the Vupen exploits package because the cost has been redacted in the released contract. Last year, Vupen researchers successfully cracked Google's Chrome browser, but declined to
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.