Har du hørt om Zerodium? Det er en virksomhed, der har en temmelig interessant virksomhed - det køber zero-day exploits og derefter sælger dem til internationale offentlige organer. Tilsyneladende, Zerodium really wants to get hold of a series of iOS zero-days and has tripled the price it usually pays for zero-day flaws.
Zerodium’s Price List for iOS 10 Exploits Goes Up
ZERODIUM pays premium rewards to security researchers to acquire their original and previously unreported zero-day exploits affecting major operating systems, software, and/or devices. While the majority of existing bug bounty programs accept almost any kind of vulnerabilities and PoCs but pay lower rewards, at ZERODIUM we focus on high-risk vulnerabilities with fully functional exploits, and we pay the highest rewards on the market.
Sidste år, the company paid $1 million for the first three iOS 9 zero-day exploits. Derefter, this price went down to $500,000. I dette øjeblik, Zerodium is willing to pay a lot more, with the recent release of iOS 10. The firm has announced that it will pay $1.5 million for a remote exploit giving full control over a device. Men, iOS 9 exploits are no longer of interest. Sammenlignet med, Apple is offering $200,000 til iOS zero-day sårbarheder via sin private bug bounty program. If you are a bug bounty, where would you go?
iOS 10 is not the only operating system Zerodium is badly interested in. The company has also doubled the price for zero-day exploits in Android’s latest release. The exploit vendor is also giving away $100,000 for Flash vulnerabilities with a sandbox escape.