ZERODIUM Offers $1 Million for Jailbreak of iOS 9
Is it a marketing ploy or an honest offer?
It appears that hackers are having a tough time finding weaknesses in the security of iOS 9, Apple’s latest mobile OS.
That’s why Zerodium is putting up $3 million ($1 million each to three separate winners) in return for exploits that manage to circumvent Apple’s security.
Zerodium CEO Chaouki Bekrar told Forbes that the company is looking for demonstrations of a remote, fully untethered jailbreak for iOS 9 that actually works and will continue working even after the device is rebooted.
Despite Apple’s claims that it is next to impossible to jailbreak iOS 9, h8sn0w has become the first to successfully jailbreak iOS 9.1 beta, followed by SemiJB, which was the first to launch the Semi Jailbreak online application script for iOS 9.
The entire exploit process must be achievable remotely, reliably, surreptitiously, and without requiring any user interaction beyond browsing to a website or reading a text message. Eligible submissions must have a “full chain of unknown, unpublished and unreported vulnerabilities/exploits” that are combined to bypass “all iOS 9 exploit mitigations”.
However, Zerodium doesn’t do the noble thing and report its zero-day exploits (which exist in software now in use by consumers) to the software makers, so know that if you rise to their challenge, you could be leaving tons of people’s phones open to attack, depending on who’s lining up to buy the information from Zerodium. “We have … paid for a fair amount of exploits in Internet Explorer, Chrome, Firefox, Flash, Office and Android”, Bekrar added. However, the price tag will invite many researchers for sure. The company has not publicly disclosed its bounty payments, though, mostly because its business model only allows the disclosure of vulnerabilities to paying customers. Vendors of the affected products are not informed and flaws remain in their software, leaving users unprotected. The market for iOS vulnerabilities is particularly buoyant. It wouldn’t be surprising to see Zerodium make at least one $1 million payout in the next five weeks.