A company that zero-day vulnerabilities from researchers buys and prepares them to government agencies and large enterprises to sell through has a reward of one million dollars promised for a zero-day vulnerability in iOS 9. This is a vulnerability that needs to be through the browser are attacked and the attacker gives permanent access to the iOS device.
There should be no further user interaction is required, except to visit the web page. In addition, researchers get paid even if the attack can be performed via SMS or MMS. Zerodium, as the company is called, says that the vulnerability should be exclusive. In its own text with the requirement for zero-day talk of an "untethered jailbreak", but according to security expert Robert Graham, this is a red herring because it Zerodium not a jailbreak to do.
"A 'browser-based jailbreak is the same as a browser-based zero day", says Graham. According to the expert, there is intelligence from a high demand for these types of vulnerabilities. Especially now, half of iPhone users now iOS 9 installed would intelligence lose access can get into the systems of targets. Unless they have a new zero-day attack, says Graham. Since Zerodium states that the zero-day vulnerability to be exclusive, he expects the company's vulnerability will then sell them to multiple parties.
No comments:
Post a Comment