Security firm Zerodium has announced a $1 million bounty for vulnerabilities found in iOS 9 that will allow a non-jailbroken device to be compromised and controlled remotely.
The company is looking for an exploit that can be deployed through a Web page or text message to allow the installation of an app on the latest iPhones and iPads.
While it’s widely believed that iOS is incredibly secure, it’s not completely immune to attacks, as the recent App Store breach showed.
To that end, Zerodium notes, “Don’t be fooled, secure does not mean unbreakable, it just means that iOS has currently the highest cost and complexity of vulnerability exploitation and here’s where the Million Dollar iOS 9 Bug Bounty comes into play.”
What does Zerodium want with an iOS hack? The company is in the business of selling such exploits to government agencies and corporate customers, who might well be interested in spying on people.
The terms of the bounty include that the bug must not be reported to Apple or publicly disclosed in any way.
Hackers have until October 31 to submit their findings including a full chain of vulnerabilities and an explanatory whitepaper.
Zerodium is willing to pay the bounty multiple times, but may terminate the offer once its payouts hit $3 million.