Governments and corporations willing to pay have a new way to easily spy on millions of owners of late model iPhones and iPads without them ever knowing.

And here spying could mean targets are physically watched on their own mobile phone cameras.

That's because an unknown hacking team has picked up a $US1 million ($1.3m) bounty to find a way to do it, and the security company behind the exercise is happy to sell it to the highest bidders.

The company, called Zerodium, on Monday used its Twitter account to announce that it had awarded the million-dollar finders fee to a team that successfully showed it could run a remote browser attack against Apple devices using iOS 9.1 and iOS 9.2 beta. The operating system is used in iPhone 5 and 6 series devices and most of its recent model iPads.