Zerodium has announced that it will pay out the $1m bounty it has offered for working zero-day hack against iOS. The prize, for a working exploit which requires no more than a text message to be received or a website to be visited, offers an attack vector which may be used to defeat the security measures Apple uses to keep iOS private.
Whilst the normal outlet for this sort of thing would be the iOS jailbreaking community, the recent problems that governments have had gaining access to secured iPhones will almost certainly mean Zerodium is able to sell this exploit to various governments around the world, who would no doubt pay highly to have a backdoor into a previously untouchable device.
Zerodium says it will not tell Apple what the exploit consists of, reasonable given that it has paid out a chunk of cash to acquire what is a very marketable product.
Whilst governments gaining the ability to compromise iOS devices doesn't sound like the sort of thing that would worry most people, the fact that an exploit exists should cause users to pause. Apple users have stored credit cards in iTunes accounts and Apple Pay. The prospect of that information becoming accessible and usable by anybody intent on ripping you off should be a cause for sleepless nights.