The following is related to the latest iOS security update regarding zero-day exploits found in their operating system (25 Aug '16) and how these things are dealt with behind the scenes. It's quite fascinating; I had no idea that there are companies out there that buy and then resell knowledge of exploits to the highest bidders, sometimes for hundreds of thousands of dollars. Not a bad earn if you're clever enough to go poking into sensitive areas in cyberspace.

Citizen Lab, the company who the author works for, examines these discoveries and forwards the info on to the developers of the software so that it may be patched. Real life espionage!

https://deibert.citizenlab.org/2016/08/disarming-a-cyber-mercenary-patching-apple-zero-days/


And so earlier this month, when Mansoor received two unsolicited SMS messages on his iPhone 6 containing links about “secrets” concerning detainees in UAE prisons, he thought twice about clicking on them. Instead, he forwarded them to us for analysis. It was a wise move.

Citizen Lab researchers, working in collaboration with the security company Lookout, found that lurking behind those SMS messages was a series of “zero day” exploits (which we call “The Trident”) designed to take advantage of unpatched vulnerabilities in Mansoor’s iPhone.

To say these exploits are rare is truly an understatement. Apple is widely renown for its security — just ask the FBI. Exploits of its operating system run on the order of hundreds of thousands of dollars each. One company that resells zero days paid $1 million dollars for the purchase of a single iOS exploit, while the FBI reportedly paid at least $1.3 million for the exploit used to get inside the San Bernadino device. The attack on Mansoor employed not one but three separate zero day exploits.