9to5Mac reports that black hat security firm Zerodium has increased its maximum bounty for finding zero-day iOS 10 exploits to $1.5 million, having previously offered $1 million for iOS 9 exploits.
Zero-day exploits target vulnerabilities that the developer has not yet discovered, and therefore give companies zero days to prepare. Zerodium’s founder, Chaouki Bekrar, told Ars Technica that the company was offering more money for iOS 10 exploits as a result of the increased security in iOS 10.
Bekrar said that Zerodium was prepared to offer much more money for the discovery of zero-day iOS exploits than Android exploits because “iOS 10 chain exploits are either 7.5 x harder than Android or the demand for iOS exploits is 7.5 x higher. The reality is a mix of both.”
Explaining what makes an exploit worthy of big-bucks payouts from Zerodium, Bekrar said, “To qualify for a Zerodium bounty, the chain must generally work almost flawlessly to surreptitiously give an attacker complete control over the targeted device. In the parlance of hackers, that’s called a weaponized exploit. It’s not enough that a researcher provides only a rough outline of the vulnerabilities with a less-than-perfect proof-of-concept exploit. The bounties paid by Apple and Google, by contrast, are much less demanding, and as a result, they generally require less work.”
Source: Black hat security company increases bounty to $1.5M as iOS 10 ‘much harder to exploit’