Security firm puts $1 million bug bounty on iOS 9

A new iOS 9 beta is here.
Photo: Apple

While millions of iPhone users have eagerly upgraded to iOS 9, a new race is on among researchers to find critical flaws in Apple’s software, and they’re throwing around more cash than ever to get hackers to find the holes.

A new security industry firm called Zerodium announced today that it will pay hackers $1 million for a single exploit that allows attackers to break into an iPhone or iPad running iOS 9. The company says it's even willing to pay the bounty multiple times, as long as the exploits break through iOS 9’s security flaws in a certain way.

Thanks to a number of security improvements, iOS is currently the most secure mobile OS, according to Zerodium. “But don’t be fooled, secure does not mean unbreakable,” Zerodium says on its website announcing the bounty. “It just means that iOS has currently the highest cost and complexity of vulnerability exploitation and here’s where the Million Dollar iOS 9 Bug Bounty comes into play.”

Those hoping to claim the $1 million bounty face a strict time limit. Zerodium is giving hackers until October 31st to submit entries, meaning developers have less than two months to create and deploy a proof of concept for the exploit.

It’s more likely that the time limit will pass before anyone successfully claims the prize, but the huge purse should be enough to tempt some of the best developers to take a shot at it.

The terms for Zerodium’s contest state that the exploit must allow attackers to remotely and silently install an arbitrary app like Cydia on an iOS 9 device via a webpage attack or text message. Eligible submissions must include a full chain of unknown, unpublished, and unreported vulnerabilities/exploits.

If you think you've got the chops to win, you can learn all about the contest details over at Zerodium.