
iOS 9 is the target of the biggest bug bounty ever: $1 million

An enormous new challenge has been set for the information security community in the form of what's known as a "bug bounty": a cash reward in return for the discovery of vulnerabilities. For researchers, winning such prizes can be both lucrative and a point of pride. This week, the largest bug-bounty award ever, in the amount of $1 million, has set security researchers into a race to be the first. The target is iOS 9, and the challenge asks for a browser-based, untethered jailbreak of the operating system.

Previous bug programs have featured payouts in the hundreds or even thousands of dollars, and in a handful of cases, on the order of a hundred thousand dollars. But a million bucks? That’ll buy a lot of 10-hour energy drinks.

The company behind the bounty is known as Zerodium. The startup presents itself as a zero-day vulnerability and exploit acquisition program, meaning that being on the cutting edge of vulnerabilities is critical to its business model. The company passes the security information it collects from independent researchers on to clients through a security-research news feed. This information includes analysis, documentation, and protective measures.

Bug bounties have emerged throughout the security community as a popular way to discover vulnerabilities. They are a way to accelerate the discovery of security flaws before they emerge in the wild. Zerodium is prepared to pay out a total of up to $3 million in prizes for various exploits, according to contest details explained on the company’s webpage:

The Million Dollar iOS 9 Bug Bounty is tailored for experienced security researchers, reverse engineers, and jailbreak developers, and is an offer made by ZERODIUM to pay out a total of three million U.S. dollars ($3,000,000.00) in rewards for iOS exploits/jailbreaks.

There’s a catch, however: a deadline of 6 p.m. on October 31, 2015 for this particular program. So crackers, get cracking.

There are numerous indicators that the web engine known as WebKit will be a prime vector in the hunt for this bug; WebKit is the core rendering engine in Apple’s Safari web browser, after all. Google’s Chrome browser uses a forked version of the same rendering engine called Blink. Both WebKit and Blink have been the target of repeated research projects, as the rendering engine is a component that has produced a number of vulnerabilities and has been a primary path to successful exploits.

Although this research is initially oriented at the enterprise, the discovery of any significant bugs will undoubtedly reach the greater community as fixes and updates emerge to address them. Just this week, news emerged about another threat to the Apple ecosystem in the form of malware-compromised apps that had to be taken offline.

John Casaretto
Former Digital Trends Contributor
John is the founder of the security company BlackCert, a provider of SSL digital certificates and encryption products. A…