Well, there's some good news for Hackers and Bug hunters, though a terrible news for Apple!
Exploit vendor Zerodium has tripled its bug bounty for an Apple's iOS 10
zero-day exploit, offering a maximum payout of $US1.5 Million.
Yes, $1,500,000.00 Reward.
That's more than seven times what Apple is offering (up to $200,000) for iOS zero-days via its private, invite-only bug bounty program.
Zerodium, a startup by the infamous French-based company Vupen that buys
and sells zero-day exploits to government agencies around the world,
previously offered US$500,000 for remote iOS 9 jailbreaks, which was
temporarily increased to $1 Million for a competition help by the company last year.
The company paid out $1 million contest reward for the first three iOS 9 zero-days in November to an unnamed hacker group, then lowered the price again to $500,000.
With the recent release of iOS 10, Zerodium has agreed
to pay $1.5 Million to anyone who can pull off a remote jailbreak of
the Apple's latest mobile operating system, allowing a full third-party
control over the device.
The company has also doubled its bug bounty for Android 7.x (Nougat)
remote jailbreaks to $200,000 as well as boosted rewards for exploits
in other software, including Adobe Flash, Microsoft Internet Explorer
and Edge, Windows Reader, Microsoft Word and Excel, Safari, and OpenSSL
The hike in the price is in line with
demand and the tougher security of the latest iOS and Android operating
systems, and to attract more researchers, hackers and bug hunters to
seek complex exploit chains in iOS 10.
To claim the prize money, Zerodium is asking for a previously unknown
security vulnerabilities that must allow an attacker to compromise a
non-jailbroken iOS device remotely.
Zerodium CEO Chaouki Bekrar notes on Twitter that the company is
prepared to buy multiple iOS zero-day hacks at that price, saying "We can afford to buy multiple iOS exploit chains for $1.5M each."
Hackers will get the payout within a week of submitting the zero-day
vulnerabilities along with a valid working proof-of-concept.