A cybersecurity company is offering $1 million to any individual or team who can create an “exclusive, browser-based, and untethered jailbreak for the latest Apple iOS 9 operating system and devices,” according to a company blog post.
Zerodium wrote that it has up to $3 million to reward for iOS exploits and/or jailbreaks. Eligible submissions must have a “full chain of unknown, unpublished and unreported vulnerabilities/exploits” that are combined to bypass “all iOS 9 exploit mitigations.” That includes ASLR, sandboxes, rootless, code signing and bootchain, the company said.
The initial attack vector must also be either a web page targeting a mobile browser in its default configuration, a text message and/or multimedia file delivered through SMS or MMS, or a web page targeting any application reachable through the browser.
All submissions must be made through encrypted emails.