Eligible submissions must include a full chain of unknown, unpublished, and unreported vulnerabilities/exploits (aka zero-days) which are combined to bypass all iOS 9 exploit mitigations including: ASLR, sandboxes, rootless, code signing, and bootchain.
The exploit/jailbreak must lead to and allow a remote, privileged, and persistent installation of an arbitrary app (e.g. Cydia) on a fully updated iOS 9 device (see below).
The initial attack vector must be either:
- a web page targeting the mobile browser (Mobile Safari OR Google Chrome) in its default configuration; OR
- a web page targeting any application reachable through the browser; OR
- a text message and/or a multimedia file delivered through a SMS or MMS.
The whole exploitation/jailbreak process should be achievable remotely, reliably, silently, and without requiring any user interaction except visiting a web page or reading a SMS/MMS (attack vectors such as physical access, bluetooth, NFC, or baseband are not eligible for the Million Dollar iOS 9 Bug Bounty. ZERODIUM may, at its sole discretion, make a distinct offer to acquire such attack vectors.).
The exploit/jailbreak must support and work reliably on the following devices (32-bit and 64-bit when applicable):
- iPhone 6s / iPhone 6s Plus / iPhone 6 / iPhone 6 Plus
- iPhone 5 / iPhone 5c / iPhone 5s
- iPad Air 2 / iPad Air / iPad (4rd generation) / iPad (3th generation) / iPad mini 4 / iPad mini 2
Partial or incomplete exploits/jailbreaks will not be eligible for the Million Dollar iOS 9 Bug Bounty. ZERODIUM may, at its sole discretion, make a distinct offer to acquire such partial exploits.
All submissions must be made exclusively to ZERODIUM and must include the fully functioning exploit and its source code (if any), and a detailed whitepaper describing all the zero-day vulnerabilities and techniques used in the jailbreak.4
The bug bounty program is valid and open until October 31st, 2015 at 6:00 p.m. EDT, and or until the firm ends up paying the total promised payout of $3 Million to researchers and developers.
If you are the talented hacker, here is your source for reward $ 1,000,000.00 rewars,
Leave your comment