Posted by: David Harley | November 2, 2015

How much is a 0-day worth?

$1,000,000 to Zerodium, apparently. The company acquires 0-day exploits and sells them to ‘major corporations in defense, technology, and finance … as well as government organizations in need of specific and tailored cybersecurity capabilities.’

Back in September, the company offered a $1m bounty for exclusive hacks offering a way to take over an iOS 9.* device remotely via a browser-based, untethered jailbreak. I guess we can assume it expects to make a healthy profit on such hacks.

And sure enough, Zerodium has announced that one team has made a remote browser-based iOS untethered jailbreak that works on iOS 9.1/9.2b.

I’d love to tell you more about it, but I don’t think I can afford to be one of Zerodium’s customers. There are some more speculative responses from researchers quoted in a Motherboard article here. Unsurprisingly, I suppose, it seems that Apple hasn’t responded.

HT to Artem I. Baranov for flagging the announcement.

David Harley

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: