Zerodium Payout for Android Exploits Jumps to $2.5M, iOS Price Drops

Zerodium, a “leading exploit acquisition platform for premium zero-days and advanced cybersecurity research”, has updated its price list. Apparently, Android exploits are now more expensive than iOS exploits for the first time in history.

Zerodium is now paying much more for Android exploits, iOS exploits price drops

Zerodium is promoted as a company that pays “BIG bounties to security researchers to acquire their original and previously unreported zero-day research”. The company has been focused on high-risk vulnerabilities with fully functional exploits. Their payout can reach up to $2 million per submission.

In its latest update, Zerodium’s pricelist is putting Android exploits ahead of iOS ones. From now on, an Android zero-click exploit chain that requires no user interaction could get researchers a payout of up to $2.5 million, whereas the same exploit chain in iOS is estimated at $2 million.

Compared to what Zerodium was offering last year, the price for Android exploits has increased several times over; the payout used to be up to $200,000.

Here’s a list of the changes the company made to its pricelist:

New Payouts (Mobiles):
$2,500,000 – Android full chain (Zero-Click) with persistence (New Entry)
$500,000 – Apple iOS persistence exploits or techniques (New Entry)
Increased Payouts (Mobiles):
$1,500,000 – WhatsApp RCE + LPE (Zero-Click) without persistence (previously: $1,000,000)
$1,500,000 – iMessage RCE + LPE (Zero-Click) without persistence (previously: $1,000,000)
Decreased Payouts (Mobiles):
$1,000,000 – Apple iOS full chain (1-Click) with persistence (previously: $1,500,000)
$500,000 – iMessage RCE + LPE (1-Click) without persistence (previously: $1,000,000)
No modifications

Why are Android exploits more valuable now?

According to a tweet from the company’s Twitter account, the updates in the prices “for major Mobile exploits” are “in accordance with market trends.”

“For the first time, we will be paying more for Android than iOS. We’ve also increased WhatsApp & iMessage (0-click) but reduced the payout for iOS (1-click) in accordance with market trends,” the company said.

Considering the nature of Zerodium’s work, the price changes may be linked to the growing interest in Android exploits from law enforcement and government agencies.

A couple of days ago, several privilege escalation exploit chains were discovered in iOS devices by Google’s Threat Analysis Group (TAG) and Project Zero teams.

The vulnerabilities were actively used by threat actors who also used compromised websites to carry out watering hole attacks against iPhone users. Almost all versions between iOS 10 and iOS 12 were affected. The websites used in these attacks were visited thousands of times on a weekly basis.

In 2016, at the time of the release of iOS 10, the company was willing to pay $1.5 million for a remote exploit. In comparison, back then Apple was offering $200,000 for iOS zero-day vulnerabilities via its private bug bounty program.


Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!
