**************************************
Exploit trader offers $1m bounty for iOS zero-day.
By Stephen McBride Published September 22, 2015 Malware dealers have offered a $1m bounty to any miscreant that can build useable zero-day exploit code for Apple's iOS 9, The Register reported.
The exploit trader, called Zerodium, will likely use the exploit in concert with others to achieve remote code execution, so it can sell jailbreak services to iFans. Jailbroken iOS devices give their users freedom to install any apps they want.
But any exploit uncovered by would-be bounty-collectors could also be potentially used for installing malware, allowing third parties to compromise, spy on, or steal data from a target device.
Zerodium is prepared to accept code that executes through Safari or Chrome Web browsers, or through an SMS or MMS message. It is willing to pay out up to three bounties, for a total of $3m as part of the scheme, which ends on 31 October.
Submitted exploits must be able to run on the latest versions of Safari or Chrome on iOS for iPhone 5 and later, including Apple's forthcoming iPhone 6S and 6S Plus. They must also run on iPad Mini 2 and later, and iPad Air and later.
full article
