$1,000,000 to Zerodium, apparently. The company acquires 0-day exploits and sells them to ‘major corporations in defense, technology, and finance … as well as government organizations in need of specific and tailored cybersecurity capabilities.’
Back in September, the company offered a $1m bounty for exclusive hacks offering a way to take over an iOS 9.* device remotely via a browser-based, untethered jailbreak. I guess we can assume it expects to make a healthy profit on such hacks.
And sure enough, Zerodium has announced that one team has made a remote browser-based iOS untethered jailbreak that works on iOS 9.1/9.2b.
I’d love to tell you more about it, but I don’t think I can afford to be one of Zerodium’s customers. There are some more speculative responses from researchers quoted in a Motherboard article here. Unsurprisingly, I suppose, it seems that Apple hasn’t responded.
HT to Artem I. Baranov for flagging the announcement.