Security firm Zerodium has announced a million dollar bounty for anyone who can provide them with an iOS 9 jailbreak. The program has been dubbed ‘The Million Dollar iOS 9 Bug Bounty’ and is open to teams and individuals alike.
The firm believes that an iOS 9 jailbreak is achievable and are willing to pay big for the effort required:
[…] Apple"s iOS is currently the most secure mobile OS. But don"t be fooled, secure does not mean unbreakable, it just means that iOS has currently the highest cost and complexity of vulnerability exploitation and here"s where the Million Dollar iOS 9 Bug Bounty comes into play.
ZERODIUM will pay out one million U.S. dollars ($1,000,000.00) to each individual or team who creates and submits to ZERODIUM an exclusive, browser-based, and untethered jailbreak for the latest Apple iOS 9 operating system and devices.
There are strict requirements for an exploit, which must be deliverable via a web page or text message. The exploit must run on the latest version of iOS 9 and work on devices as far back as the iPhone 5 and 3rd generation iPad.
The jailbreak must also “lead to and allow a remote, privileged, and persistent installation of an arbitrary app (e.g. Cydia) on a fully updated iOS 9 device”, and of course be exclusively revealed to Zerodium. Any type of exploit requiring physical access or close proximity to the device, such as NFC or Bluetooth, is ineligible for the prize.
Zerodium was launched earlier this year by Chaouki Bekrar, the founder of French security firm, Vupen. Vupen had been in the spotlight several times over the past few years for taking out first prize in hacking content Pwn2Own. Vupen differs from Zerodium in that they do all of their own research and development rather than purchasing from external sources.
The bounty is due to end on October 31st, 2015 at 6:00 pm EDT, however, it may end sooner if the total prize pool of 3 million dollars is exhausted.