Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Browser-Based iOS 9.1/9.2 Jailbreak Wins $1M Bounty, Will Be Sold for Corporate and Government Use
- Thread starter MacRumors
- Start date
- Sort by reaction score
Seems the vast majority of those in the security community believe this is nothing more than a PR stunt without a proof of concept.
HISS* Assuming it is a stunt ... You know what they say about assume
*Head In Sand Syndrome
So don't use them. Problem solved! The only reason Apple closes jailbreak exploits is so that they can maintain their monopoly on their Apple App store and collect 30% of every single developer's money while enforcing their Mickey Mouse views of what you should or should not or can or cannot run on your computing device! The OWN your phone/tablet/computer and you should be able to install whatever software you want to run as long as you aren't breaking the law. Period. What Apple does is for Apple's profits and nothing else. This isn't a malware exploit. It's a way to make software that doesn't go before Apple's prying eyes and let them see what you made, how you made it and do what they want with it.
OS X already lets you install software from other sources. Why aren't you whining about THAT? Shouldn't you be crusading for Apple to make Gatekeeper only allow software to be installed from the Mac App Store??? Isn't that essentially what you are asking for? The day that happens is the day I move to Windows or Linux. I run all kinds of software that isn't allowed on the App Store and NONE of it is for immoral purposes.
Exactly how do you come to that conclusion? OS X is already "open" in the sense this company was looking for. Does that mean Apple should close down OS X so you can ONLY use their App Store because some might "exploit someone" with a program (i.e. malware). Most of the jailbreak software out there isn't malware. Actually, I'm not aware that ANY of it is. But the moment they post HOW to jailbreak, Apple closes it and you can't install the software you may WANT to run (i.e. Apple policies to get things approved for the App Store are very draconian. Apple is like a dictatorship. You can pay to use their system, but then you have to live under Communism, essentially. They control everything. It's very un-American. It's 100% anti-privacy and 100% anti-freedom.
How do we deal with Malware in OS X? You don't install it. Every OS X user has the CHOICE to only use the Apple App Store (gatekeeper) or to get software from any source they choose. How is this jailbreak "different" ? It's a (legal) method to install your own software on your own devices. How does that put malware onto someone else's device??? IT DOESN'T.
No, it was far worse. They did it to be jack-arses and frack up people's computers for the FUN of it. That's akin to shooting people for the fun of it rather than for at least a "reason (good or bad). THIS, however is NOT about a virus.
It's about INSTALLING YOUR OWN PRIVATE SOFTWARE ONLY ON YOUR DEVICE. They didn't ask for an exploit to get past the App Store for god's sake. A jailbreaking exploit does NOT allow people to install malware on OTHER people's devices! That Chinese method of getting around the App Store to get malware ONTO the App Store is the kind of exploit you should be concerned about and seem to think that this is about for some unknown reason. Do you just assume the worse thing you can imagine without knowing anything about the topic?
You seem to be under the impression this about anything but jailbreaking. You don't know what you're talking about so I will ignore your opinions.
The ONLY thing Apple "cares" about is making MONEY (you know, the very thing you don't seem to want anyone else to make).
I think this is something to do with the level of support offered and/or whether the OS is still current. I might contact and ask them actually.[/QUOTE]
Ok, I did email the Mitre team and the response is pasted below;
XXXXX,
We did not create the attached table and do not validate that its information is correct. The OS aggregation method the table creator chose does not reflect MITRE’s use of OS X versions, as a search of our website (http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Apple+OS+X) will show.
Ok, I did email the Mitre team and the response is pasted below;
XXXXX,
We did not create the attached table and do not validate that its information is correct. The OS aggregation method the table creator chose does not reflect MITRE’s use of OS X versions, as a search of our website (http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Apple+OS+X) will show.
If you don't know anything about unsigned code, root access and administrative control of a device, please stop drooling Facebook style sensationalist posts like, "OMG this is like totally so like totally bad! like omg the terrorists omg like they are totally like totally going to take over my device from my like, totally WiFi!"
No. They're not.
Let's be clear about this: Zerodium is accountable for whatever happens as a result of this hack. Let's also be clear that while they might be able to hijack basic systems on your device, they won't be able to access encrypted information or force the device to unlock from a Touch ID/passcode state.
And Apple has data shut off in sleep state cooked into the OS. So once the device is locked, there's very very little they can do with it "live".
This is for specific targeting, for example, going after a politician who uses an iPhone and trying to grab their emails before they know what's happening.
But make no mistake, this exploit will be used for proactive defense more than proactive offense. You think there's someone out there who wants to target someone with an iPhone that doesn't have the resources to find hackers capable of doing it? No. The issue is that people who want to protect very important clients want to be able to defend from it.
Paying a security exploit firm a bounty for an attack based exploit is like showing up to a house in order to rob them and waiting for Amazon to deliver your guns.
You can relax, no one is going to use a three million dollar exploit to try to grab your Snapchat screenshots.
No. They're not.
Let's be clear about this: Zerodium is accountable for whatever happens as a result of this hack. Let's also be clear that while they might be able to hijack basic systems on your device, they won't be able to access encrypted information or force the device to unlock from a Touch ID/passcode state.
And Apple has data shut off in sleep state cooked into the OS. So once the device is locked, there's very very little they can do with it "live".
This is for specific targeting, for example, going after a politician who uses an iPhone and trying to grab their emails before they know what's happening.
But make no mistake, this exploit will be used for proactive defense more than proactive offense. You think there's someone out there who wants to target someone with an iPhone that doesn't have the resources to find hackers capable of doing it? No. The issue is that people who want to protect very important clients want to be able to defend from it.
Paying a security exploit firm a bounty for an attack based exploit is like showing up to a house in order to rob them and waiting for Amazon to deliver your guns.
You can relax, no one is going to use a three million dollar exploit to try to grab your Snapchat screenshots.
In the past the vector (jailbreakme.com) has been the user loading a malformed pdf which crashed the system and then some arbitrary code would execute - I am guessing its is something similar but based on the rules to win, the user does not have to download anything, just the act of going to a webpage will activate the payload and jailbreak the device - fascinating.
Totally untrue. In the beginning "hackers" primarily tried to "get in", "get proof", "get out", "without detection or trace". It was all about bragging rights and not intended to hurt rather to show skills.
Viruses and other nefarious items were not the work of hackers as such. The general "definition" of hackers that most use today are definitely from the "black hat" perspective.
I get what you are saying but I don't think it is as bad as you think.
Look all you have to do for a jailbreak:
Turn off Find My iPhone on the device.
Turn off Touch ID & Passcode.
Turn on Airplane Mode.
Plug in USB cable and run some Chinese program
Its like getting on the net without antivirus, firewall and then download some random s** to your PC - in other words, to jailbreak you are purposely putting your own device at risk to run some tweaks - no judgment if you jailbreak - btw.
if there are no free jailbreaks, then there would be hundreds of underground jailbreaks out for the highest bidder. Jailbreak exposes security issues that apple didn't realize it had for free.
I find that highly unlikely. The Chrome Browser, as an app which you must install through the App Store, is subject to much tighter restrictions with what it can do than Safari.
Also, is there any actual proof that this exploit really exists? I don't see a video demonstrating it... I don't see any proof money was actually exchanged... all I see is words.
Just by visiting a website, or by downloading and installing a profile? If it's just from visiting a website, and this is real, I have some questions for the Safari developers...
Yes, yes it IS a malware exploit. I can only assume you've not read the article.
Just a small aside: communism and dictatorship are not synonymous. But back to the main event...
Because you DON'T have a choice: it happens without your knowledge. Again, you clearly haven't read the article before weighing in.
I could go on dissecting your rant, but I won't bother, because it all leads to the same advice: read the article before making erroneous statements. Or, more precisely, read the article and thus AVOID making erroneous statements.
Ok I be kind, don't eliminate them. Lock them up for rest of their lives. What we do with drug users. Not dealers, users. And people who steal a shoe on third offense conviction. So why not people compromising my privacy. There happy now.
What? How can I not use them if the jailbreak happens without my knowledge from texts or emails. Did you read the article or you just on another anti Aplle rage.
The point being that the check functions have been around for 20 years or so and if they were in unmodifiable hardware comparing the results with Apple's server using https it would be secure. That could be done now, if Apple really was concerned about security. But check routines in hardware and some Apple engineer screws it up, which they do routinely, then it would be a recall and that is never going to happen since it is less costly to Apple for Apple to let them steal your bank account.
It is kinda like car keys. We don't have good car keys because for every car that is stolen the auto manufacturer gets to sell a new car. There is no downside for the manufacturer.
Scratches head? Never stops amazing me how when low lifes do something wrong, illegal, immoral or just plane nasty like this bounty and hacks. That someone blames it on the maker of the product for not preventing the low life from doing the dirty deed. People steal cars and its car makers fault. People corrupt software and it's apples fault. Weird logic
if it works in the wild. Given that it needs Chrome to work many folks will just remove Chrome from their devices. No more issue
I read and reread it again. The problem is that the article states it's a JAILBREAK, which has a very specific meaning. Those are legal uses to gain access to your own property to install the software you WANT on it (i.e. you know about it and authorize it). What you're talking about is a ROOTKIT and it's designed to put spyware/malware on your computer/device without your knowledge. It's a very poorly written article, IMO because jailbreaking and rootkits are two different things..
Reading their web site, this sounds more like someone like the NSA (or KGB equivalents) want the tech to spy on whomever. There are those that are not very happy with Apple right now in that they refuse to unlock a phone in a court case where they CAN do it but WON'T (privacy stated). I wouldn't be completely surprised if we suddenly have some kind of "incident" that scares people into NOT having a fit about forced backdoor access for the NSA, etc. After 9-11, they were able to wipe out all kinds of freedoms under a fear tactic taken advantage of by that incident. This is how government organizations get us to go to BS wars (like Iraq for example) by LYING, creating or at least taking advantage of events to push their agendas.
What's more troubling is that in looking that up, I ran into some strange law proposals including one for Canada that wants to legalize root kits with the most ridiculous/absurd standards of who is allowed to do it (i.e. if you even suspect "any" law of Canada or even a foreign law is being broken, you would be allowed to install root kits to spy on that person (not the government alone, but ANYONE). Thus, if I suspected the Canadian government was stealing my data (ironically via a rootkit) that they're not entitled to (i.e. all legal things), I am then authorized by the proposed law to install rootkits on all Canadian government and military computers to make sure they're not using that law to steal things they're not entitled to steal (and thus I gain access to all military and government secrets stored on there in a very legal manner).
Now that is madness and it's all due to corporations thinking they aren't making enough money off you and so they deserve to make sure you didn't steal a 99 cent MP3 by watching everything you do. Windows 10 has a key logger installed by Microsoft themselves to watch everything you do. The days of "unreasonable" search and seizure are OVER. You have zero right to privacy in anything you do. The NSA has proven that. The sad thing is what Snowden talked about is just scratching the surface. I read his comments that they could easily tap into any phone line in real time. That part got glossed over in all the news reports claiming they were just storing "phone numbers" or some nonsense. I think being able to tap into any phone conversation in real time in the country is a lot worse than tracking where calls are made from. Tie that into a Super Computer that analyzes speech and you've got yourself an automated stakeout program that listens to and analyzes every single conversation ever made on the face of the earth potentially. And does anyone seriously think the NSA has "stopped" any of this stuff? That's like saying Area 51 isn't doing anything secret out there because we know the place exists now. Of course there's a huge difference in hunting terrorists and MP3 pirates.
No Communism implies a "party stage" where a ruling party acts like a dictatorship (only difference is more than one person is involved in leadership, but the lack of freedom/control is the same. True Monarchies are no different either. The people get no say in their own laws/rules). True Communism is supposed to eventually hand over all control to the public but it has never happened in practice even once in all of history (those that have power would usually rather die than give it up).
I still say that's not what the article says on its own. The only part that looks odd is the bit about reading text files and using a browser, but that doesn't necessarily imply a user doesn't interact at all in the process and given their use of the word "jailbreak" I would not be thinking in that frame of mind. If one says they are going to the store to buy milk, one does not think they are going there to steal milk as "buy" and "steal" are two different words with two very different meanings.
No, it does not require Chrome. All iOS browsers use the same rendering engine, WebKit. This is an Apple requirement, and the main reason Firefox is not on iOS. The difference between Safari and all the other browsers, at least in the past, has been that Safari runs the JavaScript interpreter in privilege mode, to improve performance. In that respect, it may be that Safari is actually more vulnerable than other browsers. But even if you use iCab or Sleipnir or Ghostery or whichever browser, if there is a genuine vulnerability, it is exposed by WebKit, not by any particular browser.
If Apple had a bounty system I wonder what things would start showing up.
They do, ask gizmodo
What gets me is when people can't understand english and jump to inaccurate conclusions. I don't blame Apple for break ins or car manufactures for theft. I do expect reality to live up to the marketing message. In both cases it does not.
When a car manufacturer sells me a car with a lock and said lock can be opened by almost anyone in a few seconds, then yes the manufacturer needs to catch some heat for thefts. Not be blamed, but they should catch the heat.
When a tech manufacturer sells me a secure product and said product is capable of being broken into just from visiting a web site, then they need to catch the heat. Not be blamed for the break in, but catch the heat.
So yes, I am happy that someone put a dent in Apple's marketing message, because without said dent causing a lot of heat Apple will not improve to the level that I expect.