Archive for the ‘zerodium’ Category
The prices for James Bond-style hacks keep growing, especially for those that hijack iPhones and secure messaging apps. It's the latest sign that governments and police forces around the world are as eager as ever to exploit software that's becoming ever more difficult to compromise.
On Monday, market-leading exploit broker Zerodium said it would pay up to $2 million for zero-click jailbreaks of Apple's iOS, $1.5 million for one-click iOS jailbreaks, and $1 million for exploits that take over secure messaging apps WhatsApp and iMessage. Previously, Zerodium was offering $1.5 million, $1 million, and $500,000 for the same types of exploits respectively. The steeper prices indicate not only that the demand for these exploits continues to grow, but also that reliably compromising these targets is becoming increasingly hard.
"I think one conclusion is that targets are getting harder to exploit," Patrick Wardle, a former hacker for the National Security Agency and now a cofounder of Digital Security, told Ars. "But also another is that there is now a higher demand for exploits." He continued:
Well, there’s some good news for Hackers and Bug hunters, though a terrible news for Apple!
Exploit vendor Zerodium has tripled its bug bounty for an Apple’s iOS 10 zero-day exploit, offering a maximum payout of $US1.5 Million.
Yes, $1,500,000.00 Reward.
That’s more than seven times what Apple is offering (up to $200,000) for iOS zero-days via its private, invite-only bug bounty program.
A well-known company popular for buying and selling zero-day vulnerabilities is now offering up to $100,000 for providing a working zero-day exploit for bypassing the Flash Player’s Heap Isolation mitigation.
Few months back, Adobe deployed Heap Isolation in Flash version 18.0.0209 with an aim at making the Use-After-Free (UAF) vulnerabilities more difficult for cybercriminals to exploit.
Posted in Adobe Flash Player, Flash exploit, Flash Player Update, hacking news, sandbox bypass, Use-After-Free Vulnerabilities, Vulnerability, zero-day exploit, Zero-Day Vulnerability, zerodium | Comments (0)
Adobe’s announcement that it has retooled—and renamed—Flash is a longterm signal that the vulnerable and fatigued platform is on its last legs.
Posted in adobe, Adobe Flash, Adobe Flash exploits, Adobe Flash Vulnerabilities, adobe security, Animate CC, click-to-play plugin, Cody Pierce, Craig Young, Duo Security, Endgame, Flash Professional CC, Flash zero day, html5, Mike Hanley, Tripwire, vulnerabilities, Web Security, zerodium | Comments (0)
Well, here’s some terrible news for all Apple iOS users…
Someone just found an iOS zero-day vulnerability that could allow an attacker to remotely hack your iPhone running the latest version of iOS, i.e. iOS 9.
Yes, an unknown group of hackers has sold a zero-day vulnerability to Zerodium, a startup by French-based company Vupen that Buys and Sells zero-day exploits.
And Guess what,
Posted in Apple iOS 9, browser hacking, Bug Bounty Program, hacking iphone, hacking news, iOS 9.0 jailbreak, iphone hack, jailbreak, Vulnerability, Vupen, Web browser security, Zero-Day Vulnerability, zerodium | Comments (0)