Premium exploit acquisition platform Zerodium has now rewarded the hacking team that was able to provide them what they were looking for that led them to launch the September challenge – an untethered iOS 9.1 and 9.2 jailbreak that will allow access to iOS devices over the internet and without any need for user interaction.
The winning hacking team, which submitted the gem moments before the contest closed, was not named but it was paid a hefty price as promised – a $1 million bounty. In an interview with Wired, Zerodium founder Chaouki Bekrar said that the high-priced software will be laid out to its customers.
By customers, Bekrar meant "major corporations in defense, technology and finance" that happen to look for zero-day attack protection and also the "government organizations in need of specific and tailored cybersecurity capabilities."
Talking to The Register UK about the eye-popping reward tied up to the software, Bekrar said that "No software other than iOS really deserves such a high bug bounty," adding that there was much more work put into the iOS 9.1 and 9.2 jailbreak because of its browser-based nature.
"The exploit chain includes a number of vulnerabilities affecting both Google Chrome browser and iOS, and bypassing almost all mitigations in place," Bekrar explained. As expected, Zerodium will not make available to the public the million dollar jailbreak tool, which Bekrar believes is a proof that the hard-bitten tech still has its weak point.
Another thing the organization doesn't plan on doing is sharing the weaknesses of the operating system breached by the iOS 9.1 and 9.2 jailbreak to Apple itself. It will definitely share the information to its customers first but giving the tidings to Apple may or may not happen. If Zerodium decides to do so, it will be done at a later date.
