Million Dollar iOS9 Bug Bounty

95 points by FredericJ, over 9 years ago

13 comments

stirlo, over 9 years ago
I for one actually feel much more secure knowing that iOS is so secure that $1 million is considered the public value of an exploit. Vupen bought Flash zero days for $30,000 in the past, so knowing that iOS exploits are now valued enough to attract this kind of bounty makes me much more confident script kiddies and scammers will not be able to afford to attack me. And let's face it, we were never secure from the NSA in the first place...
Klathmon, over 9 years ago
I might be missing something, but has there ever been any exploit (or string of simultaneous exploits) for iOS or Android which meets all the criteria?

It must be through a text message or web page, it must be remote, reliable, silent, require no interaction, must be entirely comprised of 0-day exploits throughout the whole chain, must affect multiple architectures and all supported devices, and must bypass all security checks to allow full root access.
tptacek, over 9 years ago
And all you have to do is sell your unicorn vulnerability to this company:

"ZERODIUM customers are major corporations in defense, technology, and finance, in need of advanced zero-day protection, as well as government organizations in need of specific and tailored cybersecurity capabilities"

The offer to buy RCE in PHPBB/vBulletin is a nice touch.
eyeareque, over 9 years ago
A million bucks for an iOS 9 vulnerability sounds nice. But is that worth having the death, imprisonment, or torture of possibly innocent people on your conscience? If a government is buying these vulns, there is no telling what they will do with them.
jjoe, over 9 years ago
Is this a Zerodium ad masking the politically incorrect PR of "zerodium has 0day exploits available for sale"? I mean how else would anyone advertise availability of 0day without compromising their credibility? $1M per exploit would sure get you lots of press.
soared, over 9 years ago
"The whole exploitation/jailbreak process should be achievable remotely, reliably, silently, and without requiring any user interaction except visiting a web page or reading a SMS/MMS (attack vectors such as physical access, bluetooth, NFC, or baseband are not eligible for the Million Dollar iOS 9 Bug Bounty. ZERODIUM may, at its sole discretion, make a distinct offer to acquire such attack vectors.)."

Can someone explain this part? Jailbreak from a website, SMS, or MMS seems ... impossible. Has this even been possible with older jailbreaks?
JoshTriplett, over 9 years ago
I have to wonder: what stops someone from selling the "exclusive" rights to an exploit, waiting for the check to clear, and then disclosing it privately to the vendor to get fixed?
ins0, over 9 years ago
"The exploit/jailbreak must support and work reliably on the following devices (32-bit and 64-bit when applicable): - iPhone 6s / iPhone 6s Plus / iPhone 6 / iPhone 6 Plus - iPhone 5 / iPhone 5c / iPhone 5s - iPad Air 2 / iPad Air / iPad (4rd generation) / iPad (3th generation) / iPad mini 4 / iPad mini 2"

So did I read this correctly and the exploit must be backwards compatible in order to get the full bounty?
halestock, over 9 years ago
Off topic, but wow, it's really annoying that the site overrides your scroll-speed settings.
ck2, over 9 years ago
Has anyone tried a really long password ;-)
lawnchair_larry, over 9 years ago
Sounds like iOS 8 will be the last jailbreakable version. Shame.
fla, over 9 years ago
Saurik, you can do it ;)
myohan, over 9 years ago
What they're not telling you is finding this exploit entails NP=P. It sure has the same bounty value on its head. jk