Zerodium, launched early this year in the United States by French online security expert Chaouki Bekrar, said it would pay out $1 million each to as many as three people or teams who manage to break into iPhones or iPads equipped with the iOS 9 software.
To win the money, hackers must use a web page or text message to remotely bypass the iOS 9 security and discretely install an application on the iPhone or iPad by October 31, the company said in an online statement.
The hackers must exploit previously unknown weaknesses in the security system.
Apple's operating system is the most secure on the market, Zerodium said.
"But don't be fooled. Secure does not mean unbreakable, it just means that iOS has currently the highest cost and complexity of vulnerability exploitation and here is where the million dollar iOS 9 bug bounty comes into play."
Zerodium says it rewards independent researchers for discovering new software vulnerabilities. It then analyses the security data to help corporate and government agency clients to beef up their online defences.
"The strength of iOS is essentially based on layers of security that are individually vulnerable but extremely effective together. It is nevertheless to possible to attack each of these elements, which is a fairly long and costly process," Bekrar told AFP.
Several researchers had expressed interest in the bounty, said the Zerodium boss.
Apple had not been consulted about the bounty, he added. Apple, which launched iOS 9 on September 16, was not immediately available to comment.
Get Breaking news, live coverage, and Latest News from India and around the world on NDTV.com. Catch all the Live TV action on NDTV 24x7 and NDTV India. Like us on Facebook or follow us on Twitter and Instagram for latest news and live news updates.