Zerodium’s $1 million bounty for iOS 9 hack has been claimed

By Shrey Pacheco | Updated 3 Nov 2015
Zerodium’s $1 million bounty for iOS 9 hack has been claimed
  • The company posted a tweet congratulating the winning team and if it does indeed have a hack, then it is possible that any Apple device running iOS 9 will be vulnerable

Zerodium’s $1 million bounty for hacking the new iOS 9 has apparently been claimed. The company posted a tweet on its Twitter account congratulating the winners. The company had announced the bounty program, called Million Dollar iOS 9 Bug Bounty in September and had given hackers till October 31 to come up with a zero-day exploit of the iOS 9 OS. 

advertisements

In its tweet, Zerodium said, “Our iOS #0day bounty has expired & we have one winning team who made a remote browser-based iOS 9.1/9.2b #jailbreak (untethered). Congrats!” They didn’t mention who won the bounty. They were also not clear if the security exploit was limited to Apple’s Safari web browser or all browsers used on the devices. If this is true, and Zerodium does indeed have a hack, then it is possible that all Apple devices running iOS 9, including the new iPhone 6s and the 6s Plus, are vulnerable. 

Zerodium is a zero-day acquisition platform that was willing to pay out $1 million to each individual or team who could create and submit an exclusive, browser-based, and untethered jailbreak for iOS 9. The company was ready to pay a total of $3 million in rewards for iOS 9 exploits and jailbreaks. The program was aimed towards experienced security researchers, reverse engineers, and jailbreak developers. There were a number of conditions for any submission to be eligible for the bounty. One of these conditions was that any submission must lead to and allow remote, privileged, and persistent installation of an arbitrary app on a device with iOS 9. Another condition was that the attack could be through a webpage that targets the default configuration of mobile Safari or Chrome. It could also be through a webpage that targets any app that it reachable through the browser. The attack could also occur through a text or multimedia file delivered through SMS or MMS. The company had also said that the whole process should be achievable remotely and silently without any interaction from the user except when they visit a page or read a SMS/MMS. Zerodium had also said that Submissions must include a full chain of unknown, unpublished, and unreported vulnerabilities/exploits. However, it had said that it may make a distinct offer for the partial exploit. 

advertisements
Shrey Pacheco
Writer, gamer, and hater of public transport.
advertisements
ASK DIGIT

Recent Questions

IPHONE 5S has IOS 6 or IOS 7?
Vivek Bhatt
Sept 4, 2014
Responses 4
Jyoti Prakash
Sept 4, 2014
Aditya Malpure
Sept 4, 2014
vishal Pallerla
Sept 5, 2014
Vivek Bhatt
Sept 7, 2014
Comments
Be the first one to post the comment
Post a New Comment
You must be signed in to post a comment
advertisements