Great news for iOS lovers and bug bounty hunters! As of today, you have the chance to earn $1 million for finding any critical zero-day vulnerabilities within the latest iOS 9 mobile operating system released by Apple.
Security firm Zerodium, a startup spawn from the French-based security firm VUPEN, a well known competitor in the buying and selling of zero-day vulnerabilities. Zerodium is the firm behind the million dollar bounty, offering the cash for private disclosure to their company.
Zerodium, whose tagline stouts “the premium zero-day acquisition platform” announced a total of $3 million worth of bug bounty rewards for vulnerabilities and exploits related to iOS and jailbreaking.
The vulnerability firm is challenging hackers, researchers, programmers and bug hunters alike to discover zero-day flaws in Apple’s latest mobile operating system, iOS 9, which would allow an attacker to remotely compromise a non-jailbroken iOS device using one of the following methods to quality:
- A web page targeting either Safari or Google Chrome with their default configuration
- In-app infection/webpage targeting apps reachable through the browser
- via text message (SMS) or media message delivered to the device (MMS)
“The whole exploitation [or] jailbreak process should be achievable remotely, silently, reliably, and without requiring any user interaction except visiting a webpage or reading an SMS [or] MMS,” the security firm wrote in a blog post published Monday.
Vulnerabilities that require physical access or include Airdrop, Bluetooth, NFC or baseband do not and will not qualify for the bounty, however, the firm did disclose they may be willing the purchase such exploits at their sole discretion.
Also, Zerodium if offering a one million dollar bounty for anyone who can discover an untethered working jailbreak for iOS 9 that must be compatible with:
- iPhone 6s / iPhone 6s Plus / iPhone 6 / iPhone 6 Plus
- iPhone 5 / iPhone 5c / iPhone 5s
- iPad Air 2 / iPad Air / iPad (4rd generation) / iPad (3th generation) / iPad mini 4 / iPad mini 2
The zero-day acquisition firm said their bug bounty is valid until October 31st, 2015 at 6 p.m. EST or may close early if the firms pays out the total of $3 million to bug hunters before October 31. It wouldn’t be surprising to see Zerodium pay out at least one of the million dollar bounties within the coming weeks.