Apple is one of the biggest technology companies ever hacking its devices and operating systems is one of the toughest things to crack. There has always been a kind of stand off between hackers and tech companies, as security startups have begun to buy and sell exploits. This is a new system in which they get exclusive access to the companies vulnerabilities.
One of these security startups Zerodium has announced an award of $ 1.5 million if someone can find a zero day exploit in the latest iOS 10. A Zero-day exploit means that the exploit presented have never been disclosed before. Last year too the same company had announced an award of $ 1 million for jailbreaking the iOS, and later kept that deal.
Last year, when Zerodium started, it announced $ 1 million for a limited period and $ 500,000 generally, for iOS 9 vulnerabilities and that too the offer was available for multiple groups. The offers were also launched for Android and Windows. This year for Android Nougat 7, the price can go up to $ 200,000.
Zerodium in a bid to woo more hackers and researchers have upped the ante, and is offering the highest ever prize of $ 1.5 million and that too for an unlimited period. Interestingly, two months earlier, Apple itself had announced a prize for finding bugs in its latest operating system, and firmware.
Though the prize money announced by $ 200,000 only, yet in itself it is the biggest offer ever from Apple. Speaking on the capability of the company, Zerodium founder Chaouki Bekrar in a tweet said, “We want to attract more suppliers as we can afford to buy multiple iOS exploit chains for $1.5M each.” But the problem with the Apple company offer is that the person who submits the bug will only be accepted by invitations, which becomes a game of lucky draw.
On the types of exploits which can be submitted to the company, it wrote on its website, “We only acquire high-risk flaws accompanied by a fully functional and reliable exploit leading to arbitrary code execution, or privilege escalation, or sandbox bypass/escape, or sensitive information disclosure.”