Exploit acquisition platform Zerodium has increased its reward for a successful jailbreak of iOS 10 to $1.5 million, far surpassing Apple's recent payout offer for discovering and reporting vulnerabilities in its software.
Late last year, Zerodium briefly offered and paid out $1 million to one hacking team for the successful creation of a browser-based jailbreak for iOS 9.1 and 9.2, but dropped the going rate for an exploit to $500,000.
/article-new/2016/09/zerodium.jpg?lossy)
Rather than report the vulnerabilities to Apple, Zerodium said that it would sell the exploit to its customers, which include major technology, finance, and defense corporations, as well as government agencies.
Instead of being limited to a specific timeframe, the new $1.5 million reward is a permanent offer that aims to compensate for Apple's recently hardened security regime, said Zerodium founder Chaouki Bekrar.
We've increased the price due to the increased security for both iOS 10 and Android 7, and we would like to attract more researchers all year long, not just during a specific bounty period as we did last time.
At the same time, Zerodium's decision to up its bug bounty can be seen as a response to the imminent launch of Apple's own program.
Last month at the annual Black Hat Conference, Apple announced the launch of an invite-only Security Bounty Program that would offer rewards of up to $200,000 to researchers depending on the vulnerability discovered. Apple said the program would be limited to a few dozen researchers and would go live in September.
Earlier this week, several news media outlets were seemingly duped into reporting on an alleged 'secret' meeting of prominent hackers at Apple's Campus in Cupertino, which was supposed to include a briefing on the company's bug bounty program. The meeting was apparently a hoax perpetrated by the hackers themselves.
@qwertyoruiopz Forbes punk’d — franz (@neozeed) September 28, 2016
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Top Rated Comments
(View all)Why should not this be legal ?
If i sold a vulnerability of you home alrm system to someone would you like that?If i sold a vulnerability of you home alrm system to someone would you like that?
Just because I don't like something doesn't automatically make it illegal.How is this even legal?
My thoughts exactly. This is a national security issue, not some business deal. We have the Patriot Act, but no legal requirement to report potential security vulnerabilities to the companies that make hardware and software?Anybody who takes this 'bounty' should be held legally liable, along Zerodium, for any damages caused by a customer exploiting a bug...
Did anybody not see this part ?