Short Bytes: Security firm Zerodium has launched “The Million Dollar iOS 9 Bug Bounty”, that offers $1 million for finding vulnerabilities and deploying a browser-based attack on a non-jailbroken iOS device.
This bounty is offered by the security firm Zerodium for a browser-based attack on a non-jailbroken iOS device. This new startup calls itself as the “premium zero-day acquisition platform” and it’s giving up to $3 million for up to 3 remotely executable jailbreaks.
Just like all operating systems, Apple iOS is vulnerable to critical vulnerabilities. Even though the Apple’s iOS is one of the most secure mobile operating systems out there, it isn’t unhackable. The complex vulnerability exploitation of the iOS explains the reason behind this million dollar iOS 9 bounty.
This bug bounty program is made for experienced reverse engineers, security researchers and jailbreak developers.
Zerodium writes on its website: “ZERODIUM will pay out one million U.S. dollars ($1,000,000.00) to each individual or team who creates and submits to ZERODIUM an exclusive, browser-based, and untethered jailbreak for the latest Apple iOS 9operating system and devices.”
The discovered zero-day flaw must allow the attacker to compromise a non-jailbroken device remotely using a web page, in-app browsing action or using a text message or MMS.
It should be noted that vulnerabilities in Bluetooth, NFC, Airdrop, or baseband doesn’t quality. Zerodium adds, ““The whole exploitation [or] jailbreak process should be achievable remotely, silently, reliably, and without requiring any user interaction except visiting a webpage or reading an SMS [or] MMS”.
This bug bounty program is applicable if it works on:
– iPhone 6, iPhone 6 Plus, iPhone 6s and iPhone 6s Plus
– iPhone 5, iPhone 5s and iPhone 5c
– iPad Air 2, iPad Air, iPad 3rd and 4th generation, iPad mini 4 and iPad mini 2
If you wish to work for it and find a bug in iOS 9, remember that the program is open until October 31st, 2015 at 6:00 p.m. EDT.
Read more here at Zerodium blog.