Cybersecurity firm Zerodium has announced a $1 million bug bounty program that rewards hackers who demonstrate a proven technique for breaking into an iPhone or iPad running Apple’s newest update, iOS 9.
“The Million Dollar iOS 9 Bug Bounty,” reads the announcement in a post put up by Zerodium, a company whose business is acquiring zero-day exploits.
“Zerodium will pay out one million U.S. dollars ($1,000,000.00) to each individual or team who creates and submits to ZERODIUM an exclusive, browser-based, and untethered jailbreak for the latest Apple iOS 9 operating system and devices,” read their announcement.
The seven-figure sum is a reward for anyone who provides the company with a technique for taking over an iOS device remotely. Accepted delivery methods include a web page that the targeted victim visits, a malicious application on the targeted device, or a text message.
Furthermore, the security firm says it will pay up to $3 million to multiple hackers who discover and come up with an iOS 9 exploit.
In a blog post put up by Zerodium, the statement reads:
“Apple iOS, like all operating systems, is often affected by critical security vulnerabilities, however due to the increasing number of security improvements and the effectiveness of exploit mitigations in place, Apple’s iOS is currently the most secure mobile OS.
“But don’t be fooled, secure does not mean unbreakable,” adds Zerodium.
A Bug Bounty for an Apple Software Hijack, Which Apple Isn’t Told About
Unlike in-house, company-sponsored bug-bounty programs like those offered by Microsoft, LinkedIn, and others, Zerodium buys zero-day exploits and intrusion techniques and then sells them to government agencies and similar institutions around the world.
In an email to Wired, Zerodium founder Chaouki Bekrar said:
“Zerodium’s main goal is to capture the most advanced zero-day exploits and the highest risk vulnerabilities that are discovered, held, or sometimes stockpiled by talented researchers around the globe.”
As reported by Wired, the terms of the new bug-bounty program clearly state that any bug or exploit discovered should not be publicly disclosed or reported to Apple.
This is to ensure that Zerodium’s clients, which include corporations in defense, technology, and other industries, as well as government organizations, can make use of the exploit for their own purposes.