iPhone exploit bounty surges to an eye-popping $1.5 million
A controversial broker of security exploits is offering $1.5 million (£1.2 million) for attacks that work against fully patched iPhones and iPads, a bounty that's triple the size of its previous one.

Zerodium also doubled, to $200,000, the amount it will pay for attacks that exploit previously unknown vulnerabilities in Google's competing Android operating system, and the group raised the amount for so-called zero-day exploits in Adobe's Flash media player to $80,000 from $50,000. After buying the working exploits, the company then sells them to government entities, which use them to spy on suspected criminals, terrorists, enemies, and other targets.

Last year, Zerodium offered $1 million for iOS exploits, up to a total of $3 million. It dropped the price to $500,000 after receiving and paying for three qualifying submissions. On Thursday, Zerodium founder Chaouki Bekrar said the higher prices are a response to improvements the software makers—Apple and Google in particular—have devised that make their wares considerably harder to compromise.
New OS X security updates patch same zero-days as iOS 9.3.5

Updates come nearly a week after equivalent bugs were patched in iOS.
Late last week, Apple released iOS 9.3.5 to patch three zero-day bugs that could be used to access personal data on an infected phone. Dubbed "Trident," the bugs were used to create spyware called Pegasus that was used to target at least one political dissident in the United Arab Emirates.

Today, Apple has released updates for Safari 9 and OS X El Capitan and Yosemite that collectively patch the three "Trident" bugs in its desktop operating system. It's not clear whether the bugs affect Mavericks or any older versions of OS X, but we've reached out to Apple for comment and will update the article if we receive a response.

We've also asked Apple why so many days elapsed between the release of iOS 9.3.5 and the release of the OS X versions of the same patches. iOS 9.3.5 was accompanied by disclosures from Citizen Lab and Lookout, the groups that discovered the bugs. In theory, patching iOS without also patching the equivalent bugs in OS X could leave Mac users more open to attack.
Actively exploited iOS flaws that hijack iPhones patched by Apple

Jailbreak vulnerabilities allowed attackers to tap encrypted chat messages.

iPhone spyware known as Pegasus intercepts confidential data. (credit: Lookout)

Apple has patched three high-severity iOS vulnerabilities that are being actively exploited to infect iPhones so attackers can steal confidential messages from a large number of apps, including Gmail, Facebook, and WhatsApp, security researchers said Thursday.

The spyware has been dubbed Pegasus by researchers from mobile security provider Lookout; they believe it has been circulating in the wild for a significant amount of time. Working with researchers from University of Toronto-based Citizen Lab, they have determined that the spyware targeted a political dissident located in the United Arab Emirates and was launched by a US-owned company specializing in computer-based exploits. Based on the price of the attack kit—about $8 million for 300 licenses—the researchers believe it's being actively used against other iPhone users throughout the world.

"Pegasus is the most sophisticated attack we’ve seen on any endpoint because it takes advantage of how integrated mobile devices are in our lives and the combination of features only available on mobile—always connected (WiFi, 3G/4G), voice communications, camera, email, messaging, GPS, passwords, and contact lists," Lookout and Citizen Lab researchers wrote in a blog post. "It is modular to allow for customization and uses strong encryption to evade detection."
Apple releases iOS 9.3.5 to fix 3 zero-day vulnerabilities [Updated]

“Trident” vulnerabilities were used to target a human rights activist.
Just a few weeks after posting iOS 9.3.4 to fix a jailbreaking-related bug, Apple has released iOS 9.3.5 to all supported iPhones and iPads. The update provides an "important security update" and comes just a few weeks before the expected release of iOS 10, which is currently pretty far along in the developer/public beta process.

Update: Apple also tells us that these bugs were fixed in the latest versions of the iOS 10 public and developer betas, which were released last week.

Apple's security release notes say that three bugs have been fixed, two in the iOS kernel and one in WebKit. The bugs were discovered by Citizen Lab and Lookout, which said they were actively exploited to hijack the iPhone of a political dissident. Lookout collectively calls the three zero-day vulnerabilities "Trident," and says that they could allow a victim's personal data to be accessed after opening a link sent in a text message. Trident infects a user's phone "invisibly and silently, such that victims do not know they've been compromised." We'll have more information about the vulnerability in a forthcoming article.