Have you heard of Zerodium? It’s a company that has a pretty interesting business – it buys zero-day exploits and then sells them to international government agencies. Apparently, Zerodium really wants to get hold of a series of iOS zero-days and has tripled the price it usually pays for zero-day flaws.
Zerodium’s Price List for iOS 10 Exploits Goes Up
ZERODIUM pays premium rewards to security researchers to acquire their original and previously unreported zero-day exploits affecting major operating systems, software, and/or devices. While the majority of existing bug bounty programs accept almost any kind of vulnerabilities and PoCs but pay lower rewards, at ZERODIUM we focus on high-risk vulnerabilities with fully functional exploits, and we pay the highest rewards on the market.
Last year, the company paid $1 million for the first three iOS 9 zero-day exploits. Then, this price went down to $500,000. Now, with the recent release of iOS 10, Zerodium is willing to pay a lot more. The firm has announced that it will pay $1.5 million for a remote exploit giving full control over a device. However, iOS 9 exploits are no longer of interest. In comparison, Apple is offering $200,000 for iOS zero-day vulnerabilities via its private bug bounty program. If you are a bug bounty hunter, where would you go?
iOS 10 is not the only operating system Zerodium is keenly interested in. The company has also doubled the price for zero-day exploits in Android’s latest release. The exploit vendor is also offering $100,000 for Flash vulnerabilities with a sandbox escape.