Zerodium Offers $1.5 Million Bounty For iOS Zero-Day Exploits
Well, there's some good news for Hackers and Bug hunters, though a terrible news for Apple!
Exploit vendor Zerodium has tripled its bug bounty for an Apple's iOS 10 zero-day exploit, offering a maximum payout of $US1.5 Million.
Yes,
$1,500,000.00Reward.
That's more than seven times what Apple is offering (up to $200,000) for iOS zero-days via its private,
invite-only bug bountyprogram.
Zerodium, a startup by the infamous French-based company Vupen that buys and sells zero-day exploits to government agencies around the world, previously offered US$500,000 for remote iOS 9 jailbreaks, which was temporarily
increased to $1 Millionfor a competition help by the company last year.
The company
paid out $1 millioncontest reward for the first three
iOS 9zero-days in November to an unnamed hacker group, then lowered the price again to $500,000.
With the recent release of iOS 10, Zerodium has
agreedto pay $1.5 Million to anyone who can pull off a remote jailbreak of the Apple's latest mobile operating system, allowing a full third-party control over the device.
The company has also doubled its bug bounty for Android 7.x (
Nougat) remote jailbreaks to $200,000 as well as boosted rewards for exploits in other software, including Adobe Flash, Microsoft Internet Explorer and Edge, Windows Reader, Microsoft Word and Excel, Safari, and OpenSSL or PHP.
The hike in the price is in line with demand and the tougher security of the latest iOS and Android operating systems, and to attract more researchers, hackers and bug hunters to seek complex exploit chains in iOS 10.
To claim the prize money, Zerodium is asking for a previously unknown security vulnerabilities that must allow an attacker to compromise a non-jailbroken iOS device remotely.
Zerodium CEO Chaouki Bekrar notes on Twitter that the company is prepared to buy multiple iOS zero-day hacks at that price, saying
"We can afford to buy multiple iOS exploit chains for $1.5M each."Hackers will get the payout within a week of submitting the zero-day vulnerabilities along with a valid working proof-of-concept.
from The Hacker News http://ift.tt/2drz0ED