Escalating Value of IOS Bug Bounties Hits $2M Threshold

In the escalating market for security vulnerabilities a new milestone has been recorded early in the new year, with $2 million now being offered for a remote Apple IOS exploit. The $2 million award is being offered by vulnerability acquisition firm Zerodium, which first achieved global notoriety for offering $1 million for an IOS 9 zero-day exploit back in September 2015. In September 2016, Zerodium increased its top IOS exploit award to a $1.5 million, which has now been topped by the $2 million bounty. In most bug bounty programs, including managed programs offered by HackerOne and Bugcrowd as well as Trend Micro's Zero Day Initiative (ZDI), security researchers disclose previously unknown "zero-day" vulnerabilities and are then given a financial award. The bug bounty program vendors then disclose the vulnerability privately to the impacted vendor. That's not how Zerodium works, instead what Zerodium does is the company sells the vulnerabilities to its own clients, which includes governments.