Privately held security firm Zerodium has upped the iOS 10 jailbreak bug bounty ante, and more than matched Apple’s offering, by tripling the amount of money that it will offer to anyone presenting a remote jailbreak that works on iOS 10.
Yesterday it was announced that Apple had brought together some of the most respected security researchers and hackers to kick off its bug bounty program that was announced at this year’s Black Hat Conference with financial awards of up to $200,000. Zerodium once again has its own agenda, and will eclipse Apple’s offering with huge financial rewards of up to $1.5 million awarded to those serving up zero-day exploits.
Rather than having financial rewards in place for any type of vulnerability or exploit, Zerodium as a company chooses to focus on acquiring original and “previously unreported exploits” affecting “major operating systems, software, and/or devices.” According to the company’s own graphic outlining the platforms and devices applicable, Zerodium will offer up to $100,000 for a remote jailbreak for Windows Phone, or up to $200,000 for a remote jailbreak on an Android device. As you might expect, however, the real rewards come from Apple’s iOS platform.
Zerodium will be giving away $1.5 million for a functioning, original and remote jailbreak for Apple’s iOS 10 platform, which underlines not only how valuable exploiting that particular platform is, but also how much Zerodium focuses on high-risk vulnerabilities:
ZERODIUM pays premium rewards to security researchers to acquire their original and previously unreported zero-day exploits affecting major operating systems, software, and/or devices. While the majority of existing bug bounty programs accept almost any kind of vulnerabilities and PoCs but pay lower rewards, at ZERODIUM we focus on high-risk vulnerabilities with fully functional exploits, and we pay the highest rewards on the market.
As a company, Zerodium has form when it comes to offering this type of money for information, vulnerabilities and exploits pertaining to the iOS platform. Last year, the company offered a bounty of $1 million for an iOS 9 jailbreak, a sum of money which was collected approximately 6 weeks after the bounty was announced. It seems that Apple offering its own bounty of up to $200,000 may have forced Zerodium into upping its own payouts to ensure that the information doesn’t go directly to Apple.