Zerodium Offers $1 million for iOS 9 Jailbreak

Exploit acquisition firm, Zerodium has announced a one million dollar bounty for exploits or jailbreak specifically designed for the iOS 9 mobile platform.

Zerodium said in a blog post Monday that the bounty, dubbed the “Million dollar iOS 9 Bug Bounty”, is meant to lure curity researchers, reverse engineers and jailbreak developers to crack security on the new Apple operating system.  Teams and individuals have until October 31st of this year to submit their exclusive, browser-based and untethered jailbreak/exploit.  There is a max of three winners(three teams, individuals etc.)

There are some strict rules on the competition.  The jailbreak/exploit must have a  chain of iOS 9 exploits bypassing all mitigation systems including ASLR, sandboxes, code signing, and bootchains, and must allow the remote installation of an app on an iOS 9 device.

“All submissions must be made exclusively to Zerodium and must include the fully functioning exploit and its source code (if any), and a detailed whitepaper describing all the zero-day vulnerabilities and techniques used in the jailbreak,” states the rules and regulations, “The whole exploitation/jailbreak process should be achievable remotely, reliably, silently, and without requiring any user interaction except visiting a web page or reading a SMS/MMS (attack vectors such as physical access, Bluetooth, NFC, or baseband are not eligible for the Million Dollar iOS 9 Bug Bounty. Zerodium may, at its sole discretion, make a distinct offer to acquire such attack vectors).”

The company is incredibly clear on the fact that the information cannot be shared with anyone else.  It must be given to Zerodium only, and stay that way, in order to win the rather lucrative prize.


For information on how you can prevent your organization from being breached, visit or call 714-515-4011.


Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *