Founded in 2015, Zerodium is a information security company specializing in buying and selling zero day exploits. It’s offering US$2 million for remote iOS exploits.
Security researcher Patrick Wardle has found a macOS Mojave bug that allows unauthorized access to your personal data, like your contacts.
A new macOS zero day exploit has been found, and this one has been present in the operating system since 2002.
This is part of Project Zero’s modus operandi, as it routinely searches other companies’ software for bugs.
Dave Hamilton and John Martellaro join Jeff Gamet to discuss the HomeKit Zero Day exploit that was just revealed, plus John and Jeff get into a debate about whether the iPad should be considered a computer.
Apple customers don’t need to take any action right now. The company has already fixed the issue on its end, and next week users can get a software update that fixes the bug on their end.
As of yesterday, Adobe has already identified the bug (CVE-2017-11292) and released a security patch for Windows, macOS, Linux, and Chrome OS.
Yesterday was the annual Pwn2Own hacking contest, and also marks the contest’s 10th anniversary. Hackers compete in challenges to find security holes in popular software and mobile devices. This year, two Safari zero days were found by the white-hat hackers.