Security Team Reportedly Collects $1M iOS 9 Bug Bounty

 
A team of unnamed security researchers are now $1 million richer.
The researchers apparently discovered a way to break into Apple's new mobile operating system, iOS 9, netting them the huge payout from controversial Washington D.C.-based start-up Zerodium, which buys and sells security zero-day exploits. In a Twitter post Monday, Zerodium congratulated the winners of its Million Dollar iOS 9 Bug Bounty challenge, but kept the identity of the researchers — and details of the winning exploit — under wraps.

Our iOS #0day bounty has expired & we have one winning team who made a remote browser-based iOS 9.1/9.2b #jailbreak (untethered). Congrats!

— Zerodium (@Zerodium) November 2, 2015

Zerodium did not immediately respond to a request for comment about the winning flaw or team.
Zerodium launched the contest late last month, offering three $1 million rewards for remote iOS 9 exploits. The company promised $1 million to each individual or team that submitted an "exclusive, browser-based, and untethered jailbreak" for the OS powering Apple's new iPhones.

"Apple iOS, like all operating system[s], is often affected by critical security vulnerabilities," Zerodium said in its announcement. "However due to the increasing number of security improvements and the effectiveness of exploit mitigations in place, Apple's iOS is currently the most secure mobile OS.

"But don't be fooled, secure does not mean unbreakable, it just means that iOS has currently the highest cost and complexity of vulnerability exploitation," the company continued. "And here's where the Million Dollar iOS 9 Bug Bounty comes into play."

It's no surprise Zerodium is keeping mum about the flaw. The company's founder, Chaouki Bekrar, has a history of selling exploits to the highest bidder, rather than disclosing issues to the manufacturer.