A broker of software attacks that exploit vulnerabilities in widely used software is placing a $1 million bounty on critical iOS bugs that allow hackers to remotely commandeer iPhones and iPads.
“Apple iOS, like all operating system(s), is often affected by critical security vulnerabilities,” officials with the Zerodium bug broker said in blog post published Monday that announced the hefty reward. “However, due to the increasing number of security improvements and the effectiveness of exploit mitigations in place, Apple’s iOS is currently the most secure mobile OS. But don’t be fooled, secure does not mean unbreakable. It just means that iOS has currently the highest cost and complexity of vulnerability exploitation and here’s where the Million Dollar iOS 9 Bug Bounty comes into play.”
Under the program, Zerodium is prepared to pay a total of $3 million for remote iOS exploits that give attackers complete control over a vulnerable device. Zerodium will pay $1 million to each person or team who creates and submits an exclusive browser-based attack that works on the latest-available version of the operating system. The program is scheduled to run through October 31, but it will be terminated earlier if three winning exploits are submitted sooner.