Zerodium Offers $1 Million Bounty For Apple OS Jailbreak



If you’re an experienced security researcher, reverse engineer or jailbreak developer, Zerodium has an offer you probably can’t refuse.

The cybersecurity firm has announced its “Million Dollar iOS9 Bug Bounty”. Until the end of October, you can try to jailbreak Apple’s new iOS 9 operating system and win one million dollars. The competition is open only until October 31, 2015, 6:00 p.m. EDT (6 p.m. November 1 in the Philippines). The full rules of the contest include the conditions that the jailbreak has to work on both the iPhone 6 and iPhone 6S and that the attack must be made through the Safari or Chrome browsers, or through a text message.

Apple’s iOS, like all operating systems, is often affected by critical security vulnerabilities. However, due to the increasing number of security improvements and the effectiveness of exploit mitigations in place, it’s currently the most secure mobile OS.

But don’t be fooled. “Secure” does not mean unbreakable. It just means that iOS currently has the highest cost and complexity of vulnerability exploitation. And that’s where the “Million Dollar iOS9 Bug Bounty” comes into play.


The company is willing to shell out a total of $3 million ($1 million per individual or team) for the creation and submission of an exclusive, browser-based, and untethered jailbreak for the latest Apple iOS 9 operating system and devices.

“The whole exploitation/jailbreak process should be achievable remotely, reliably, silently, and without requiring any user interaction except visiting a web page or reading a SMS/MMS,” Zerodium said.

Attacks that require physical access, or that are carried out over Bluetooth, NFC or baseband, are not eligible, the company said, adding that the only devices in scope are iPhone 5 and later, and iPad Air, Air 2, third- and fourth-generation iPads, and iPad mini 2 and 4.

Zerodium was founded by cybersecurity experts and specializes in “vulnerability research and exploitation.” According to Forbes, Zerodium’s business model ensures that only paying customers have access to the vulnerability information it has gathered. Vendors (in this case, Apple) aren’t informed about the flaws in their software.

You can find more details and specific competition rules at the Zerodium website.