Skip to main content
  1. Home
  2. Mobile
  3. News

iOS9 is the target of the biggest bug bounty ever: $1 million

By

zerodium ios9 bug bounty dr evil 646x363
Image used with permission by copyright holder
An enormous new challenge has been set for the information security community, what’s known as a “bug-bounty” — a cash reward in return for the discovery of vulnerabilities. For researchers, getting such prizes can be both lucrative and a point of pride. This week, the largest bug-bounty award ever in the amount of $1 million has set security researchers into a race to be the first. The target is iOS 9, and the challenge asks for a browser-based, untethered jailbreak of the operating system.

Previous bug programs have featured payout in the hundreds or even thousands of dollars, and in a handful of cases, on the order of a hundred thousand dollars. But a million bucks? That’ll buy a lot of 10-hour energy drinks.

Recommended Videos

The company behind the bounty is known as Zerodium. The startup presents itself as a zero-day vulnerability and exploit acquisition program, meaning that being on the cutting edge of vulnerabilities is critical to its business model. The company reports security information that it collects from independent researchers on to clients through a security-research news feed. This information includes analysis, documentation, and protective measures.

Please enable Javascript to view this content

Bug bounties have emerged as a popular way to discover vulnerabilities throughout the security community. It’s a way to accelerate the discovery of security flaws before they emerge in the wild. Zerodium is prepared to pay out a total of up to $3 million in prizes for various exploits, according to contest details explained on the company’s webpage:

Related

The Million Dollar iOS 9 Bug Bounty is tailored for experienced security researchers, reverse engineers, and jailbreak developers, and is an offer made by ZERODIUM to pay out a total of three million U.S. dollars ($3,000,000.00) in rewards for iOS exploits/jailbreaks.

There’s a catch however — a deadline of 6 p.m. on October 31, 2015 for this particular program. So crackers, get cracking.

There are numerous indicators that suggest the web engine known as Webkit will be a prime vector in the hunt for this bug; WebKit is the core rendering engine in Apple’s Safari web browser, after all. Google’s Chrome browser uses a forked version of the same rendering engine called Blink. Both Webkit and Blink have been the target of repeated research projects as it is a component that has produced a number vulnerabilities and has been a primary path to successful exploits.

Although this research is initially oriented at the enterprise, the discovery of any significant bugs will undoubtedly reach the greater community as fixes and updates emerge to address them. Just this week, news emerged about another threat to the Apple ecosystem in the form of malware-compromised apps that had to be taken offline.

Editors’ Recommendations

Topics
John Casaretto
John Casaretto
Former Digital Trends Contributor
John is the founder of the security company BlackCert, a provider of SSL digital certificates and encryption products. A…
How to transfer your books from Goodreads to StoryGraph
Front page of a book on Onyx BOOX Go 10.3 tablet.

Goodreads has been the only game in town for Android and iOS book-tracking for a long time now, and like most monopolies, it has grown old and fat. Acquired by Amazon in 2013, avid book readers have had lots to complain about in recent years, with the service languishing unloved, with no serious updates and an aging interface. It's been due some serious competition for a long time, and lo and behold, some has arrived. StoryGraph is a book-tracking app that offers everything you'll find on Goodreads but with an algorithm that lets you know about what you might love, and adds features any bibliophile will know are essential — like a Did Not Finish list.

Read more
The next iOS 18 update is on its way. Here’s what we know
The iPhone 16 sitting on top of orange mums.

When iOS 18.2 released just over a week ago, it unlocked a lot of long-awaited features like Image Playground, Visual Intelligence, and improvements to writing tools. Now, it seems like another update could be just around the corner: version 18.2.1.

MacRumors found evidence of the update in their analytic logs, a source that has supposedly revealed quite a few iOS versions before release. Given that this is a minor update, it isn't likely to come with new features or anything groundbreaking. Instead, it will most likely be targeted at bug fixes, although no specific problems have been named. You should expect this update to drop either in late December or early January, but a year-end release is more likely.

Read more
If your iPhone can handle iOS 18.2, it can probably handle iOS 19
An iPhone 15 Pro Max running iOS 18, showing its home screen.

The last few iPhone updates have brought a lot of changes with them. Just take a look at iOS 18.2: It introduced a ton of AI-powered features that had never before been available. If you have an older phone, it's easy to worry that its hardware won't be up to snuff for the next round of updates. For now, you can breathe easy: If your iPhone can handle iOS 18, then it should also work with iOS 19, according to a new leak.

The news comes from the French site iPhoneSoft. Although Apple guarantees five years of support for its devices, some devices get supported for longer periods of time, but this tip suggests that any phone currently capable of downloading and installing iOS 18 will also work with iOS 19, although some features could be limited.

Read more