Skip to main content
  1. Home
  2. Mobile
  3. News

iOS9 is the target of the biggest bug bounty ever: $1 million

By

zerodium ios9 bug bounty dr evil 646x363
Image used with permission by copyright holder
An enormous new challenge has been set for the information security community, what’s known as a “bug-bounty” — a cash reward in return for the discovery of vulnerabilities. For researchers, getting such prizes can be both lucrative and a point of pride. This week, the largest bug-bounty award ever in the amount of $1 million has set security researchers into a race to be the first. The target is iOS 9, and the challenge asks for a browser-based, untethered jailbreak of the operating system.

Previous bug programs have featured payout in the hundreds or even thousands of dollars, and in a handful of cases, on the order of a hundred thousand dollars. But a million bucks? That’ll buy a lot of 10-hour energy drinks.

Recommended Videos

The company behind the bounty is known as Zerodium. The startup presents itself as a zero-day vulnerability and exploit acquisition program, meaning that being on the cutting edge of vulnerabilities is critical to its business model. The company reports security information that it collects from independent researchers on to clients through a security-research news feed. This information includes analysis, documentation, and protective measures.

Related

Bug bounties have emerged as a popular way to discover vulnerabilities throughout the security community. It’s a way to accelerate the discovery of security flaws before they emerge in the wild. Zerodium is prepared to pay out a total of up to $3 million in prizes for various exploits, according to contest details explained on the company’s webpage:

The Million Dollar iOS 9 Bug Bounty is tailored for experienced security researchers, reverse engineers, and jailbreak developers, and is an offer made by ZERODIUM to pay out a total of three million U.S. dollars ($3,000,000.00) in rewards for iOS exploits/jailbreaks.

There’s a catch however — a deadline of 6 p.m. on October 31, 2015 for this particular program. So crackers, get cracking.

There are numerous indicators that suggest the web engine known as Webkit will be a prime vector in the hunt for this bug; WebKit is the core rendering engine in Apple’s Safari web browser, after all. Google’s Chrome browser uses a forked version of the same rendering engine called Blink. Both Webkit and Blink have been the target of repeated research projects as it is a component that has produced a number vulnerabilities and has been a primary path to successful exploits.

Although this research is initially oriented at the enterprise, the discovery of any significant bugs will undoubtedly reach the greater community as fixes and updates emerge to address them. Just this week, news emerged about another threat to the Apple ecosystem in the form of malware-compromised apps that had to be taken offline.

Editors’ Recommendations

Topics
John Casaretto
John Casaretto
Former Digital Trends Contributor
John is the founder of the security company BlackCert, a provider of SSL digital certificates and encryption products. A…
Everything you need to know about the OnePlus 13
Official OnePlus 13 product renders showing rear panel colors.

OnePlus is an excellent brand that offers powerful flagship phones at a great value compared to some of its competitors. We followed every rumor about the OnePlus 13 for months, but now it's here — and it's everything we hoped for. It might not be available in the Western market yet, but it will be soon.

So, what makes the OnePlus 13 so special? Here's everything you need to know about OnePlus' latest flagship.
When is the OnePlus 13 being released?

Read more
Qualcomm Snapdragon 8 Elite vs. MediaTek Dimensity 9400: the race is on
Comparison of Qualcomm Snapdragon 8 Elite and MediaTek Dimensity 9400 processors.

The flagship mobile silicon race has entered its next phase, one that will dictate the trajectory of Android hardware heading into 2025. Merely weeks after MediaTek wowed us with the Dimensity 9400 system on a chip (SoC), Qualcomm also pulled a surprise with the reveal of the Snapdragon 8 Elite.

But this time around, the battle is not as straightforward. Where MediaTek is working closely with Arm and adopting its latest CPU and graphics innovations, Qualcomm has firmly put its faith in custom cores. These are no ordinary cores, but a next-gen iteration of the same fundamental tech stack that powers Windows on ARM laptops.

Read more
Discolored line on your new Kindle? You aren’t alone
Amazon Kindle Colorsoft Signature Edition on a table.

The new Kindle Colorsoft Signature Edition is the first full-color e-reader, and a lot of bookworms couldn't wait to get their hands on it. Sadly, many people are reporting the display has a discolored yellow area at the bottom of the screen. The problem is so widespread that the Kindle Colorsoft dropped to an average review rating of 2.6 out of 5, although it does remain the bestselling e-book reader at the moment.

The cause of the discoloration isn't clear. Some users report that it only happens when using the edge lighting feature on the Kindle, while others say it appeared after a software update. Either way, the yellowing is a problem, especially on a device that Amazon has marketed as being great for comics and graphic novel fans. It's hard to enjoy the colorwork in a comic when it's distorted.

Read more