Have you heard of Zerodium? It is a company with a very interesting business - it buys zero-day exploits and then sells them to international government agencies. Apparently, Zerodium really wants to get hold of a series of iOS zero-days and has tripled the price it usually pays for zero-day flaws.
Zerodium’s Price List for iOS 10 Exploits Goes Up
ZERODIUM pays premium rewards to security researchers to acquire their original and previously unreported zero-day exploits affecting major operating systems, software, and/or devices. While the majority of existing bug bounty programs accept almost any kind of vulnerabilities and PoCs but pay lower rewards, at ZERODIUM we focus on high-risk vulnerabilities with fully functional exploits, and we pay the highest rewards on the market.
Last year, the company paid $1 million for the first three iOS 9 zero-day exploits. Then, this price went down to $500,000. Now, with the recent release of iOS 10, Zerodium is willing to pay a lot more. The firm has announced that it will pay $1.5 million for a remote exploit giving full control over a device. However, iOS 9 exploits are no longer of interest. In comparison, Apple is offering $200,000 for iOS zero-day vulnerabilities through its private bug bounty program. If you are a bug bounty hunter, where would you go?
iOS 10 is not the only operating system Zerodium is keenly interested in. The company has also doubled the price for zero-day exploits in Android’s latest release. The exploit vendor is also offering $100,000 for Flash vulnerabilities with a sandbox escape.