As Chrome is forced to use webkit as a renderer, I don't think it makes a diference what browser you're using.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Browser-Based iOS 9.1/9.2 Jailbreak Wins $1M Bounty, Will Be Sold for Corporate and Government Use
- Thread starter MacRumors
- Start date
- Sort by reaction score
As Chrome is forced to use webkit as a renderer, I don't think it makes a diference what browser you're using.
OS X has many more vulnerabilities VS windows
This doesn't surprise me at all... its just marketing.
All browsers use Safari's Rendering Engine as required by guidelines, it likely works on safari too.
This is probably just the tip of the iceberg. There are likely other exploits like this that just don't get publicized.
The sentence about "government organizations in need of specific and tailored cybersecurity capabilities" is particularly galling. The government's role should be to protect the country from this kind of thing, not to keep it secret and exploit it themselves.
The sentence about "government organizations in need of specific and tailored cybersecurity capabilities" is particularly galling. The government's role should be to protect the country from this kind of thing, not to keep it secret and exploit it themselves.
Weird, 'cuz the article specifically says it can install through Safari.
So even if Apple doesn't specifically purchase this, be in no doubt that they will acquire it somehow and push a patch. All you need is a dark alley, a thumb drive, and a willing collaborator (anyone think Apple doesn't have the funds to motivate one of those?).
There must be a federal and international law to mandate these information to be given up to the software company ASAP to get it fixed and to ban anyone doing this from doing business again. Zerodium should be ashamed of themselves for intentionally withholding the exploit from Apple just to make a few bucks on people's security.
Please do yourself a favor and learn what a jailbreak is, it is a fancy name for gaining access to the root status on the device or more accurate, a massive security exploit. Also, yes, it can be applied to the phone without the owner's permission, you have no idea what you're talking about.
It is the responsibility of Apple to fix this ASAP to ensure no one can use this against the device users.
Please do yourself a favor and learn what a jailbreak is, it is a fancy name for gaining access to the root status on the device or more accurate, a massive security exploit. Also, yes, it can be applied to the phone without the owner's permission, you have no idea what you're talking about.
It is the responsibility of Apple to fix this ASAP to ensure no one can use this against the device users.
Yea, it's a lie but it is not limited to Apple. There is nothing in this universe that can be secure. Everything is breakable.
I would assume something like this always existed and will continue to exist for both Andoid and iOS. The government acts like they are pissed for not having access to iPhone encrypted data. Don't bet on it. If they want it bad enough, theyll get it.
The fact that they're offering $1M for someone to develop the breach should make you feel very good about the overall security of the system... if it was easy nobody would pay $1M for it.
Wrong. "Browser-Based" means you could be pushed to a website that does the jailbreaking in the background. Now they have root access and you don't even know.
The CIA, the Russian Intel Services, and the Chinese secret services are lining up to buy this code. And maybe Al-Qaeda and Mossad too.
Apple confirms that they won't give in to the government's privacy policies....3 days later.
This has Guilfoyle and Danesh written all over it.
Apparently people feel it's okay to make definitive statements without actually reading the relevant information.
From the story post: "The contest rules required the exploit to be achievable remotely without requiring user interaction beyond reading a text message or visiting a website via Chrome or Safari on an iOS device." (emphasis mine)
Can't wait for my Apple car to get hacked while i'm driving down the interstate.
Why? It's Apple's bug. Someone found a bug Apple doesn't know about. Why should they be required by law to tell Apple about it?
Apple should find their own bug, or, you can find it, and tell Apple about the exploit for free.
I have Ghostery on my Mac. It blocks my Mac from contacting so many websites that I cringe every time I go to those same sites on my iPad...because it doesn't have any such protections. It's blocking 6 "services" right now.
There are two possible (but quite different) interpretations of the phrase "... via Chrome or Safari on an iOS device".
#1: The exploit must be installed independent of whether the user is accessing the web via Chrome or Safari (i.e it must work in both cases)
#2: The exploit must be installed via web access utilizing either Chrome or Safari (i.e. requirements are met if either one is achieved)
F**ked or double f**ked. Which is it?
I still find it a bit amazing Apple does not participate in a bounty program.
Hubris. Pure hubris.
Hubris. Pure hubris.
President Obama has all of this, and all the other crisis around the world under control.
Doesn't anyone watch MSNBC anymore?
Jeeez, people!!! Where is the faith?