Zero-day exploit in Apple’s iOS operating system sold for $500,000 [Updated]
Security vulnerabilities are a terrible thing, but they happen to everyone, including Apple. According to an article in The New York Times, details of a “zero-day exploit” for iOS were sold for $500,000 at one point. We’re not exactly sure what this exploit entails, nor whether Apple has already fixed it, but still, this is a serious business.
What is a “zero-day”? Say you’re a hacker and you find a problem with a company’s software. If you’re a good guy, you call up the company and tell them what’s wrong and promise not to tell anyone about the bug until it’s fixed. If on the other hand you’re a bad guy (and an asshole), you can either sell your discovery on the black market or just publish the details of the exploit without letting a company know ahead of time.
Who buys these kind of exploits? You’d be surprised how many countries do, which is the whole thesis of The New York Times article. We recommend you give it a read, though it’ll likely scare the living bejesus out of you.
Hackers such as pod2g and planetbeing of the Evad3rs dev team use a different approach. Instead of selling the exploits, they release jailbreaks to the public such as evasion that was released for iOS 6 – iOS 6.1.2 and ask users for a donation. While it is not clear how much they end up raising through this route, we’re assuming that since evasi0n was used to jailbreak over 18 million iOS devices, they would have managed to raise a reasonable amount through donations. The article also highlights why it is important to give donations as hackers have other lucrative options.
Are you surprised that an iOS exploit was sold for $500,000? Please share your thoughts in the comments below.