1 million bounty for hacking the iPhone, why?

Zerodium, a notorious “premium acquisition program for zero-day exploits and advanced cybersecurity research”, has paid out the 1 million dollar bounty it offered to anybody who could “find a way to remotely jailbreak a new iPhone or iPad running the latest version of Apple’s mobile operating system iOS (in this case iOS 9.1 and 9.2b), allowing the attacker to install any app he or she wants with full privileges.”

The winning team cannot be identified because it had to sign a non-disclosure agreement as part of the deal.

A “wanted poster” for the iOS 9 bounty, featured on Zerodium’s website.

What use does Zerodium have for such an exploit, and what justifies the ridiculously high bounty paid in exchange for it?

A new and thriving business is emerging around selling exploits to government agencies, which are willing to pay significant amounts to bypass the security of applications whose creators refuse to give them access.

Many companies, such as Mitnick Security, have programs that match exploit holders with government personnel; the ethics behind these programs are heavily controversial.

If Zerodium were to sell the newly discovered iOS exploit to the right clients, it could potentially make a much, much larger profit.

Sources:

  1. http://motherboard.vice.com/read/somebody-just-won-1-million-bounty-for-hacking-the-iphone?utm_source=mbtwitter
  2. https://www.mitnicksecurity.com/shopping/absolute-zero-day-exploit-exchange
