Heb je gehoord van Zerodium? Het is een bedrijf met een behoorlijk interessant bedrijf: het koopt zero-day exploits en verkoopt deze vervolgens aan internationale overheidsinstanties. Blijkbaar, Zerodium really wants to get hold of a series of iOS zero-days and has tripled the price it usually pays for zero-day flaws.
Zerodium’s Price List for iOS 10 Exploits Goes Up
ZERODIUM pays premium rewards to security researchers to acquire their original and previously unreported zero-day exploits affecting major operating systems, software, and/or devices. While the majority of existing bug bounty programs accept almost any kind of vulnerabilities and PoCs but pay lower rewards, at ZERODIUM we focus on high-risk vulnerabilities with fully functional exploits, and we pay the highest rewards on the market.
Vorig jaar, the company paid $1 million for the first three iOS 9 zero-day exploits. Dan, this price went down to $500,000. Op dit moment, Zerodium is willing to pay a lot more, with the recent release of iOS 10. The firm has announced that it will pay $1.5 million for a remote exploit giving full control over a device. Echter, iOS 9 exploits are no longer of interest. In vergelijking, Apple is offering $200,000 voor iOS zero-day kwetsbaarheden via zijn private bug bounty programma. If you are a bug bounty, where would you go?
iOS 10 is not the only operating system Zerodium is badly interested in. The company has also doubled the price for zero-day exploits in Android’s latest release. The exploit vendor is also giving away $100,000 for Flash vulnerabilities with a sandbox escape.