Young Research & Publishing Inc.

Investment Research Since 1978

iPhone iOS9 Hack and Chinese Malware

September 23, 2015 By E.J. Smith

Want to earn a cool million? Are you familiar with a security breach at Apple’s app store? I was clued in to these stories from our in-house systems and network manager. A security firm is offering up the million dollar bounty, the largest to date and capped at $3 million, for the successful hack. “Rather than report vulnerabilities in software to the companies that make it to help fix hackable bugs, Vupen develops hacking techniques based on those bugs and typically sells them to multiple government customers,” reports Wired. In a separate report from Wired, there are concerns related to how bugged Chinese apps made their way onto Apple’s app store.

The $1 million bounty:
AS LONG AS hackers have sold their secret hacking techniques known as zero-day exploits to government spies, they’ve generally kept that trade in the shadows. Today it’s come into the spotlight with the biggest bounty ever publicly offered for a single such exploit: $1 million for a technique that can break into an iPhone or iPad running Apple’s freshly released iOS 9.

On Monday, a new security industry firm known as Zerodium announced that it will pay that seven-figure sum to anyone who gives the company a hacking technique that can take over an iOS device remotely, via a web page the victim visits, a vulnerable app on the victim’s device, or by text message. The company says it’s willing to pay the bounty multiple times, though it may cap the payouts at $3 million.

“Due to the increasing number of security improvements and the effectiveness of exploit mitigations in place, Apple’s iOS is currently the most secure mobile OS,” reads the statement on Zerodium’s website announcing the bounty. “But don’t be fooled, secure does not mean unbreakable, it just means that iOS has currently the highest cost and complexity of vulnerability exploitation and here’s where the Million Dollar iOS 9 Bug Bounty comes into play.”

Bugged Chinese Apps get into Apple’s App store:

THE APPLE ECOSYSTEM is well known for very rarely letting any dodgy apps enter it because of the company’s stringent security checks.

But recently, nearly two dozen malicious pieces of software managed to get hosted on the App Store, and subsequently downloaded by Chinese users. This is because attackers found an unorthodox route to exploit: they targeted some versions of the software used by developers to make apps for iOS and OS X in the first place.

The Hack
The malware was first highlighted by Chinese developers on Weibo, and was then analyzed by researchers from Alibaba. Security company Palo Alto Networks then verified the results.

The hack all hinges around Xcode, a tool used to create iOS and OS X apps. Typically, Xcode is downloaded directly from Apple for free. However, it is possible to get Xcode from other sources too, such as developer forums. Some versions of Xcode found on Baidu Yunpan, a Chinese file-sharing service, come packaged with extra lines of code. The Alibaba researchers have dubbed these malicious variants “XcodeGhost.”
