Archive for the ‘zerodium’ Category

Zeroday exploit prices are higher than ever, especially for iOS and messaging apps

January 7th, 2019
Close-up image of phones prominently displayed on a wooden table in a brightly lit, streetside store.

Enlarge / iPhones are seen at an Apple Store in Tianjin, China. (credit: Zhang Peng/LightRocket via Getty Images)

The prices for James Bond-style hacks keep growing, especially for those that hijack iPhones and secure messaging apps. It's the latest sign that governments and police forces around the world are as eager as ever to exploit software that's becoming ever more difficult to compromise.

On Monday, market-leading exploit broker Zerodium said it would pay up to $2 million for zero-click jailbreaks of Apple's iOS, $1.5 million for one-click iOS jailbreaks, and $1 million for exploits that take over secure messaging apps WhatsApp and iMessage. Previously, Zerodium was offering $1.5 million, $1 million, and $500,000 for the same types of exploits respectively. The steeper prices indicate not only that the demand for these exploits continues to grow, but also that reliably compromising these targets is becoming increasingly hard.

"I think one conclusion is that targets are getting harder to exploit," Patrick Wardle, a former hacker for the National Security Agency and now a cofounder of Digital Security, told Ars. "But also another is that there is now a higher demand for exploits." He continued:

Read 8 remaining paragraphs | Comments

Posted in Biz & IT, exploits, iOS, zerodays, zerodium | Comments (0)

Zerodium Offers $1.5 Million Bounty For iOS Zero-Day Exploits

September 30th, 2016

Well, there’s some good news for Hackers and Bug hunters, though a terrible news for Apple!

Exploit vendor Zerodium has tripled its bug bounty for an Apple’s iOS 10 zero-day exploit, offering a maximum payout of $US1.5 Million.

Yes, $1,500,000.00 Reward.

That’s more than seven times what Apple is offering (up to $200,000) for iOS zero-days via its private, invite-only bug bounty program.
<

Posted in 0day Exploit, Android Exploit Code, buy zero-day exploit, hacking news, iOS exploit, Vupen, zero-day exploit, zerodium | Comments (0)

Zerodium Offers $100,000 for Flash Zero-Day Exploit that Bypasses Mitigations

January 5th, 2016

A well-known company popular for buying and selling zero-day vulnerabilities is now offering up to $100,000 for providing a working zero-day exploit for bypassing the Flash Player’s Heap Isolation mitigation.

Few months back, Adobe deployed Heap Isolation in Flash version 18.0.0209 with an aim at making the Use-After-Free (UAF) vulnerabilities more difficult for cybercriminals to exploit.

Posted in Adobe Flash Player, Flash exploit, Flash Player Update, hacking news, sandbox bypass, Use-After-Free Vulnerabilities, Vulnerability, zero-day exploit, Zero-Day Vulnerability, zerodium | Comments (0)

Flash’s Farewell Under Way

December 3rd, 2015

Adobe’s announcement that it has retooled—and renamed—Flash is a longterm signal that the vulnerable and fatigued platform is on its last legs.

Posted in adobe, Adobe Flash, Adobe Flash exploits, Adobe Flash Vulnerabilities, adobe security, Animate CC, click-to-play plugin, Cody Pierce, Craig Young, Duo Security, Endgame, Flash Professional CC, Flash zero day, html5, Mike Hanley, Tripwire, vulnerabilities, Web Security, zerodium | Comments (0)

Hackers WIN $1 Million Bounty for Remotely Hacking latest iOS 9 iPhone

November 2nd, 2015

Well, here’s some terrible news for all Apple iOS users…

Someone just found an iOS zero-day vulnerability that could allow an attacker to remotely hack your iPhone running the latest version of iOS, i.e. iOS 9.

Yes, an unknown group of hackers has sold a zero-day vulnerability to Zerodium, a startup by French-based company Vupen that Buys and Sells zero-day exploits.

And Guess what,

Posted in Apple iOS 9, browser hacking, Bug Bounty Program, hacking iphone, hacking news, iOS 9.0 jailbreak, iphone hack, jailbreak, Vulnerability, Vupen, Web browser security, Zero-Day Vulnerability, zerodium | Comments (0)