Wanted alive: $1m for an iOS 9 bug to hijack, er, jailbreak iThings
Exploit-broker sets bounty for iPhone, iPad OS zero-day
Exploit traders Zerodium will pay a million dollars to anyone who finds an unpatched bug in iOS 9 that can be exploited to jailbreak iThings – or compromise them.
The $1m (£640,000) bounty will be awarded to an individual or team that provides a working exploit to achieve remote code execution on an iOS device via the Safari or Chrome browsers or through an SMS/MMS message.
This exploit could be combined with other exploitable vulnerabilities to perform an untethered jailbreak on an iPhone or iPad, allowing fans to install any applications they want on their gadgets – particularly software not available on Apple's App Store.
A lot of people are willing to pay cash to jailbreak their iGear, so there's money to be made by packaging up the bug into a jailbreak tool – all you'd need to do is visit a special webpage in Chrome or Safari on iOS to trigger the installation.
Alternatively, someone could use one of these remote code-execution vulnerabilities to infiltrate people's devices from across the internet, run malicious code, and spy on them.
These sorts of flaws are often first exploited by jailbreak tools, and then later patched by Apple in iOS security updates.
Zerodium said it would pay out up to three bounties (for a total of $3m) for the program running through October 31. The winning exploits must be able to execute on the latest versions of the browsers on iOS for iPhone 5 and later (including the iPhone 6S and 6S Plus), iPad Mini 2 and later, and iPad Air and later.
"The whole exploitation/jailbreak process should be achievable remotely, reliably, silently, and without requiring any user interaction except visiting a web page or reading an SMS/MMS. Attack vectors such as physical access, bluetooth, NFC, or baseband are not eligible for the Million Dollar iOS 9 Bug Bounty," Zerodium said.
While Apple will presumably eventually find out about the remote-code execution flaws, and patch iOS to mitigate, Zerodium will give details of the exploits to customers of its Zerodium Security Research Feed Z-SRF for them to use as they see fit.
The contest kicks off just days after researchers spotted a massive malware infection targeting iOS devices in China. The malware was linked back to a poisoned version of Apple's Xcode developer kit being used by some Chinese iOS app developers. Researchers estimate the attack, known as XcodeGhost, resulted in nearly 350 malware-laden apps being posted into the Chinese version of the App Store. ®