Zerodium has tripled the bounty it offers for an Apple iOS 10 remote jailbreak, boosting the reward today to $1.5 million USD, founder Chaouki Bekrar said.
Zerodium had previously offered $1 million for iOS 9 attacks that result in an untethered jailbreak, but that bounty was for a specific time frame. The $1.5 million bounty announced today is permanent, Bekrar said.
“We’ve increased the price due to the increased security for both iOS 10 and Android 7, and we would like to attract more researchers all year long, not just during a specific bounty period as we did last time,” Bekrar said.
The company also doubled its reward for Android 7.x and 6.x remote jailbreaks to $200,000, and raised rewards across the rest of its program for exploits in software including Adobe Flash, Microsoft Internet Explorer and Edge, Safari, OpenSSL, PHP, Windows Reader, and Microsoft Word and Excel.
Zerodium launched in late July 2015 to buy only high-risk zero-day vulnerabilities, covering all major platforms and third-party applications such as Adobe products. Mobile platforms, including Android, BlackBerry and Windows Phone in addition to iOS, are also in scope for Zerodium, as are the major web and email servers. The attacks it purchases are built into a feed of exploits and defensive capabilities for its customers.
Exploit vendors such as Zerodium and Bekrar’s previous company VUPEN operate in a controversial market where bugs and attacks are purchased from researchers and sold to customers, mostly governments, without being patched by affected vendors. Bekrar has always maintained that his company sells only to democratic and non-sanctioned governments.
Last year’s breach of Hacking Team, a controversial surveillance company, exposed a number of zero days that were being sold to oppressive regimes for the purpose of monitoring citizens. In August, Apple rushed an emergency iOS patch after three zero-day vulnerabilities, known collectively as Trident, were found being sold by an Israeli company called the NSO Group and used by governments to spy on activists and journalists.
Both Apple and Google have made huge strides in locking down their respective mobile operating systems. At Black Hat, Ivan Krstic, Apple’s head of security engineering and architecture, unveiled a host of new iOS 10 security features, including new protections around the Secure Enclave processor and hardened WebKit JIT mapping in Safari, and gave insight into how Apple builds its encryption and how keys are protected and shared internally.
Apple also announced an iOS and iCloud bug bounty that pays six figures for secure boot firmware bugs (up to $200,000) and for attacks that extract confidential material from the Secure Enclave (up to $100,000).
Google, meanwhile, has announced new security features in Android 7, known as Nougat, including stricter verified boot, file-based encryption, and a hardened, compartmentalized mediaserver, the component at the heart of the Stagefright vulnerabilities of 2015.
Bekrar said his company currently has more than 100 external researchers working with Zerodium.
“During the last 12 months we’ve paid more than $6.5 million in premium bug bounties to researchers,” he said. “The highest payouts were for iOS and Android.”