Project Zero’s continues its hunts for bugs
Project Zero is Google’s team who are responsible for finding bugs within the Google systems as well as other companies. Two members from Project Zero have found six bugs in iOS that could have led cyber attackers to compromise devices like iPads and iPhones.
The duo found six vulnerabilities out of which four could have been easily executed on remote iOS devices where no user interaction is required. Hackers can exploit the user phone via iMessage and make OS vulnerable; five out of six bugs which are interactionless i.e. without the user interaction these bugs can attach the user’s phone. Detailed information was published by the duo with a demo proof of concept code the bugs.
Price value of bugs worth millions
Zerodium is a US-based information security company and according to the price chart of given by them, if these bugs were sold in the exploit market, they could have brought over $1 million each. The bugs that are found by the two researchers are valued between $5 million and $10 million. Crowdfense, a vulnerability research hub stated since these exploits were interactionless and can be worked on the latest version of iOS, the prices of these bugs could be valued between $2 million and $4million each and the total value of these bugs could go up to $24 million.
Flaw found in macOS Kernal
In November 2018, Apple was made aware of the flaw that was found in macOS and which was named as BuggyCow. Later, Apple was given 90 days as a part of non-disclosure policy, to fix the issue. And in case of some special case, few grace days are also given.
Later, in March 2019, the Project Zero team publicly disclosed the flaw in the macOS Kernal. Google explained about this flaw in macOS kernel if modifications are made to a user-owned mounted filesystem image. The virtual management system will not notify those changes which result a hacker can access to perform malicious action on that filesystem without the knowledge of the user. Later, Apple acknowledged the flaw and worked with the Project Zero team to fix the same.