Zerodium Sets Bug Bounty for Zero-Day iOS 10 Exploits at $1.5M
Security startup Zerodium, which buys and sells OS exploits, announced today that its bug bounty for previously undisclosed, or zero-day, exploits for iOS 10 now stands at $1.5 million, a significant jump from last year's $1 million max, Wired is reporting. The amount will be paid to anyone who can pull off a remote jailbreak of Apple’s latest iOS 10 operating system for iPhones and iPads.
Last year, Zerodium paid $500,000 for the top iOS 9 bug, while Android and Windows Phone exploits fetched up to $100,000. A limited-time $1 million bounty on iOS vulnerabilities was also offered last fall, which was claimed by a group of hackers. This year, Zerodium will offer the full $1.5 million bounty permanently, not just for a short duration. “We’ve increased the price due to the increased security for both iOS 10 and Android 7,” said company founder Chaouki Bekrar.
Bekrar says that Zerodium’s clients are mostly North American governments and corporations, and a few government agencies in “allied countries.” He is also the founder of the French hacking firm Vupen, which expressly works to develop software intrusion techniques to sell to private clients—especially governments—worldwide.
Bekrar says his company’s price shift is unrelated to Apple’s bounty program. “Apple’s bounty is private and invite-only, it cannot compete with our bounty which is open to all and available all year long.” Apple’s bug bounty program is only available to certain researchers for now.
Apple has also recently invited some of the world’s top iOS and Mac hackers to a secret meeting at its Cupertino headquarters, where it plans to brief them on the launch of its “bug bounty program”.