Hacker Group Claims $1M for iOS 9 Zero-day Exploit

On September 21, 2015, vulnerability broker Zerodium announced a bounty of $1 million to anyone who can create an “exclusive, browser-based, and untethered jailbreak for the latest Apple iOS 9 operating system and devices.” The total pot is $3 million, with each working iOS exploit worth a payout of $1 million. The firm set the submission deadline at October 31st, 2015, 6:00 p.m. EDT.

On Monday last week, November 2, Zerodium announced on its Twitter account that one winning team was able to submit a remote, browser-based iOS 9.1/2b jailbreak and would in turn be receiving the million-dollar reward. The exploit supposedly works on the new iPhone 6 and iPhone 5 lines, iPad Air 2 and Air, iPad 4 and 3, and the iPad mini 4 and iPad mini 2. According to Zerodium founder Chaouki Bekrar, two teams attempted to claim the reward, but only one team produced a complete jailbreak. The second team, which submitted the partial jailbreak, may also qualify for a partial bounty, but this is still unconfirmed as of this writing.

Bug broker firms like Zerodium are controversial in the industry, as only their clients can know of the vulnerabilities they buy and/or discover. Their disclosure of the bugs to the affected companies is also entirely up to them. This is in contrast with the efforts of other security researchers who discreetly share their findings with the affected companies without expecting any monetary compensation.
