Security firm puts $1 million bug bounty on iOS 9

Cult of Mac ^ | Sept. 21, 2015 | BY BUSTER HEIN

[Swordmaker]

Wanna be a millionaire? Security Firm Zerodium is offering a cool $1 million for each bug found in iOS 9 that will allow a complete, secret hacking of the OS that will allow Jailbreaking the iPhone or iPad by merely visiting a website or clicking on a link. Get rich all you Apple Haters who think that iOS is a weak sieve, full of security holes, here's your chance to prove your point and get rich at the same time! — PING!

Apple iOS Challenge for $1,000,000
Ping!

The Latest Apple/Mac/iOS Pings can be found by searching Keyword “ApplePingList” on Freerepublic’s Search.

If you want on or off the Mac Ping List, Freepmail me.

[texas booster]

Clever marketing.

Lots of free advertising, very unlikely to actually pay.

Another unknown company plugs itself through PRNewswire, gets picked up on blogs everywhere.

[Rodney Dangerfield]

Glad I can still Root my Android device.

[Swordmaker]

Clever marketing.

Lots of free advertising, very unlikely to actually pay.

Another unknown company plugs itself through PRNewswire, gets picked up on blogs everywhere.

I suspect you're right. Some speculate this may be a subsidiary of Apple looking for a way to get find bugs to close. This would be a good way to find them. On the other hand these may be crooks. . . and they won't pay.

They do not seem to have a track record anywhere, according to some of the commenters.

[Swordmaker]

Glad I can still Root my Android device.

You can jailbreak an iPhone, but then it is no longer secure from malware.

[Rodney Dangerfield]

Good to know you can still JB iOS

[LesbianThespianGymnasticMidget]

http://www.ios9cydia.com/ios-9-jailbreak.html

It is true. IOS 9 is untethered JB capable, but i would wait till a bullet proof JB is available.

[ctdonath2]

Ah yes, Android, that shining example of security.
Security easily broken by entering a really long wrong password.

[FreeInWV]

What are the odds that Zerodium is based out of Fort Meade?

[Rodney Dangerfield]

It’s not quite that simple as entering a really long password and I my device does not go unsecured/out of my physical control.

I used to do iPhones/JB/Cydia etc...but migrated over to Android and like it better.

[Rodney Dangerfield]

It’s not quite that simple as entering a really long password and I my device does not go unsecured/out of my physical control.

I used to do iPhones/JB/Cydia etc...but migrated over to Android and like it better.

[doc1019]

Anybody willing to put up this kind of money with Microsoft in mind?

[ctdonath2]

Then again, it’s not much harder than entering a really long password. Not like a couple extra taps really mitigate the problem. And not like you’ll never ever lose physical control of your device.

But then again, if you’re comfortable with deliberately breaking the security provided by the operating system such that malware et al have a good shot at your data, then I suppose really long passwords aren’t a problem to you.

The more I hear the reasons for “walled gardens suck!” and the weeds open gardens have to deal with, the more I like the walled garden: I can get $#!^ done without having to waste time dealing with the malicious.

[ctdonath2]

No point. Microsoft implemented the malware and called it Windows. (Download multi-gigabyte files via data-capped networks for local storage on small devices? Sticking ads directly into your Start menu? Really?)

[D-fendr]

From their website:

ZERODIUM customers are major corporations in defense, technology, and finance…

Sure they are...

:)

[dayglored]

> Get rich all you Apple Haters...

LOL! The Apple Haters mostly don't own iDevices! Heck, they wouldn't use an iDevice if you paid them a million bucks, and... hey wait a minute...

[D-fendr]

Found this interesting paragraph from the Wired article on the bounty:

Zerodium founder Chaouki Bekrar has long been one of the few public faces of the zero-day industry; In addition to his new startup Zerodium, which launched in July, he’s also the founder of the more established French hacking firm Vupen, which has been unusually open about the fact that it develops intrusion techniques for popular software and sells them to government agencies around the world. With the new company and his flashy iOS bounty, Bekrar is expanding from merely creating zero-days to brokering them, too, as a kind of hacker middleman.

I'm old, I just don't like a world that rewards these guys.

[Swordmaker]

Zerodium founder Chaouki Bekrar has long been one of the few public faces of the zero-day industry; In addition to his new startup Zerodium, which launched in July, he’s also the founder of the more established French hacking firm Vupen, which has been unusually open about the fact that it develops intrusion techniques for popular software and sells them to government agencies around the world. With the new company and his flashy iOS bounty, Bekrar is expanding from merely creating zero-days to brokering them, too, as a kind of hacker middleman.

The Hacker Team, the group who actually does have the expertise and reputation and really sells the mobile device intrusion tools to the government agencies such as the NSA, CIA, FBI, MI5, The Suretė, and police departments around the world who has the resources to shove at the breaking of even the most difficult nuts, says they have successfully developed tools for every mobile platform except un-jail broken iOS devices! I can see why this upstart is offering such a high bounty.

[Darth Reardon]

Not sure why anyone would be concerned with IOS9, since (last I looked) IOS15 is the current version?