There could be lot of experts working on iOS 9 jailbreak which could come any time but a start-up called Zerodium has put out a huge bounty for individuals and organisations around the world who can provide them with the exploits of the new operating system on Apple devices.
In its programme called "The Million Dollar iOS 9 Bug Bounty", which is tailor-made for experienced security researchers, reverse engineers, and jailbreak developers, Zerodium has offered $1 million each to three researchers who come up with iOS 9 jailbreak on Apple's iPhones and iPads. The total payout by the firm stands at $3 million.
Zerodium claimed in a statement that it will pay out $1 million to "each individual or team who creates and submits" to the firm "an exclusive, browser-based, and untethered jailbreak for the latest Apple iOS 9 operating system and devices."
"Apple's iOS is currently the most secure mobile OS. But don't be fooled, secure does not mean unbreakable, it just means that iOS has currently the highest cost and complexity of vulnerability exploitation and here's where the Million Dollar iOS 9 Bug Bounty comes into play," says the notice put out by Zerodium.
However, there are certain things that applicants need to know (according to Zerodium website):
- Eligible submissions must include a full chain of unknown, unpublished, and unreported vulnerabilities/exploits (aka zero-days) which are combined to bypass all iOS 9 exploit mitigations including: ASLR, sandboxes, rootless, code signing, and bootchain.
- The exploit/jailbreak must lead to and allow a remote, privileged, and persistent installation of an arbitrary app (e.g. Cydia) on a fully updated iOS 9 device.
- Attack should be attacked via a web page targeting the mobile browser (Mobile Safari OR Google Chrome) in its default configuration; a web page targeting any application reachable through the browser; or a text message and/or a multimedia file delivered through a SMS or MMS.
- Jailbreak should work on iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone 5, iPhone 5c, iPhone 5s, iPad Air 2, iPad Air, iPad (4rd generation), iPad (3th generation), iPad mini 4 and iPad mini 2.
- Partial or incomplete exploits/jailbreaks will not be eligible for the Million Dollar iOS 9 Bug Bounty. Zerodium may, at its sole discretion, make a distinct offer to acquire such partial exploits.
- All submissions must be made exclusively to Zerodium and must include the fully functioning exploit and its source code (if any), and a detailed whitepaper describing all the zero-day vulnerabilities and techniques used in the jailbreak.
Researchers can submit their findings till 6:00 p.m. EDT, 31 October, 2015, to claim $1 million through "The Million Dollar iOS 9 Bug Bounty" programme. The firm will terminate the offer when the payout reaches the stipulated $3 million.