Firm Offers $500K for Apple iOS Exploits

Firm Offers $500K for Apple iOS Exploits

Exploit trading company Exodus Intelligence is offering $500,000 for iOS zero day exploits, just days after Apple launched its own bug bounty program.

The firm explained in a blog post on Tuesday that it’s also willing to pay up to $125,000 for Microsoft Edge exploits, as part of what it called its “Research Sponsorship Program” (RSP).

That’s a huge mark-up on the $1500 Microsoft is prepared to shell out. Apple’s top payment is a more hefty $200,000 but this still falls some way short of the amount Exodus is prepared to pay out.

“For each new Zero-Day acquired, Exodus will offer the researcher an initial payment, received after the request is reviewed and accepted. Once accepted, the researcher could receive payments every quarter the Zero-Day exploit is still alive,” it explained.

“The specific values of the initial payment and quarterly bonus will be included in an offer presented to the researcher, following the review of their work. Additionally, Exodus also offers payment in the form of Bitcoin for Zero-Day research.”

Apple announced its bug bounty program last week, claiming it would only be open to a few dozen researchers to begin with.

The top award of $200,000 is reserved for those who find serious vulnerabilities in the iOS secure boot firmware.

The firm probably feels the need to crowdsource bugs in this way as it is under increasing pressure from US law enforcers keen to crack its handsets in order to access data they believe is vital to ongoing cases.

It emerged in April that the FBI might have paid hackers in excess of $1 million to source a zero day vulnerability which allowed it to access the device of one of the alleged San Bernardino shooters.

That followed a major stand-off with Apple in the courts which the tech giant eventually won, claiming that engineering backdoors in any of its products would set a dangerous precedent.

Source: Information Security Magazine