This tempting offer is going to blow the gadget psychos’ minds. All the nerdy hackers are going to attempt this to get paid through this well-known exploit broker’s offer to jailbreak iOS 10.
Exploit broker Zerodium has tripled its bug bounty for a remote iOS 10 jailbreak vulnerability to US$1.5 million.
The outfit previously offered US$500,000 for remote iOS 9 jailbreaks, which was temporarily increased last year when a US$1 million reward was paid out in November to an unnamed hacker group.
The increase is designed to attract more researchers to seek complex exploit chains in Apple’s mobile operating system.
— Zerodium (@Zerodium) September 29, 2016
Hackers will score the payout within a week of submitting the vulnerability and a polished and weaponised proof-of-concept.
Zerodium also doubled rewards for remote rooting vulnerabilities on Android versions six (Marshmallow) and seven (Nougat) to US$200,000.
Chief executive officer Chaouki Bekrar says the increase is in line with demand and the tougher security of the latest iOS and Android operating systems.
While the payouts dwarf the vulnerability rewards offered to researchers by Apple and Google, they require researchers to invest much more effort into weaponising their work.
Companies like Apple and Google would love for researchers to disclose vulnerabilities directly to them so they can be patched. As a token of their appreciation, the person or group that finds and reports a flaw often gets a monetary reward and praise for their good deed.
It will be interesting to see who can claim the bounty, although it seems that it will be quite hard, as the exploit needs to work pretty much flawlessly. If anything, we guess it’s good, since if an exploit worth $1.5 million is found, it’s definitely one that needs to be fixed. Given that Zerodium seems to deal more with government agencies than with the companies themselves, though, hopefully Apple will be able to stay on top of it.