Search Here

A team of hackers has captured a bounty of 1 million dollars for exposing vulnerabilities in iOS 9.

Gizmodo reports that a DC-based firm Zerodium awarded hackers the money for jailbreaking

iOS remotely through a browser. To succeed, a chain of hacks was demonstrated as part of the company's 0-day bounty. The vulnerability has not been publicly shared and its unlikely Apple will be told what it is. The company is in the business of selling vulnerabilities to many customers including the government.

"If they're paying a million dollars, I'm sure that means someone is willing to buy it for that or more," said Patrick Wardle of Synack, a security research firm, according to Computerworld. He also termed the exploit very technically challenging as Apple's defenses in iOS 9 are known to be strong.

Though Zerodium said it is extensively the vulnerability, it did not discuss details. To succeed, the hackers should have found vulnerabilities in different components of the operating system including browsers and also ensure a reboot does not override the exploit.

Zerodium's work in the past has drawn flak on ethical grounds from those who contend that vulnerabilities should be reported to device and software makers to benefit end-user, and not to others who may exploit such vulnerabilities.