The same firm made headlines last year when it offered $1 million for unknown iPhone and iPad flaws.
Looking to make some serious cash? Grab an iPhone and start hacking.
The somewhat controversial security start-up Zerodium, which buys and sells zero-day (aka unknown) software exploits, has increased its permanent bug bounty for iOS flaws to $1.5 million.
The firm made headlines last year when it offered $1 million for unknown iPhone and iPad flaws. Zerodium ended up cutting that $1 million bounty in half after paying for three qualifying submissions, but now the reward is back up and higher than ever.
If iOS hacking isn’t your thing, the company also this week increased bounties for Android and Flash flaws. Zerodium is now paying double — or $200,000 — for Android bugs and $80,000 for Flash vulnerabilities (up from $50,000).
Zerodium founder Chaouki Bekrar told Ars Technica the new prices reflect today’s tightened security landscape. “Prices are directly linked to the difficulty of making a full chain of exploits, and we know that iOS 10 and Android 7 are both much harder to exploit than their previous versions,” he told Ars.
Apple launched a bug bounty program of its own just last month, offering hackers up to $200,000 to identify vulnerabilities in its products. Google has offered bug bounties for some time, but its prices, too, are only a fraction of Zerodium’s million-dollar-plus payday.
As Ars notes, however, getting a bounty from Zerodium requires a lot more work, since the company is seeking so-called “weaponized” exploits, which give an attacker full control over a targeted device, not just rough proof-of-concept code. It’s also worth mentioning that not everyone is a fan of Bekrar, who has a history of selling exploits to the highest bidder, rather than disclosing issues to the manufacturer.