The start-up of the infamous French company Vupen that buys and sold zero day operations to government authorities around the world, Zerodium, now said that it would pay up to $2 million for remoteiOS jailbreaks and $1 million to take advantage of secure messaging applications. Get a $2 Million Remote Dropping An iPhone Zerodium previously offered $1.5 million for persistent iOS jailbreaks, which can be executed remotely without a user’s interaction (no-click). The company now offers $1.5 million for remoteiOS jailbreaks requiring minimal interaction between the users (i.e. a single click). Zerodium also doubled the price of remote code execution (RCE) exploits for secure messaging apps like WhatsApp, iMessage, and SMS / MMS apps for every mobile operating system, making them 1 million from $500,000. But for the popular encrypted app Signal, which is widely used by many technicians, journalists and lawyers, the price for zero-day exploits remained $500,000 the same as in previous years. Additional Zéro-day Buyout Offers The list of revised Monday prices announced by Zerodium for a range of other feats: $1 million for remote-click execution exploits in Windows (formerly $500,000) $500,000 for remote code execution exploits in Chrome including a sandbox escape (formerly $250,000 and $200,000 respectively for Windows and Android) $500,000 for Apache or Microsoft. The price increase is in line with demand for, and more robust security on, the most recent operating systems and messaging applications, and attracts more researchers, hackers and hot bugs. $100,000 is available to host (previously $100,000) for local pin / password or touch ID bypass for the Android and iOS (previously $15,000) for Windows privilege escalation or sandbox escaping (previously $50,000). Twitter Announcement about price.
— Zerodium (@Zerodium) 7 January 2019 In terms of popularity and security of the software or system concerned and the quality of the feature presented by Zerodium, such as the full or partial chain, the amount paid by Zerodium to researchers for acquiring original zero day achievements influences the current version, reliability, circumvented exploit reductions, process continuations and so on. Your research must be original and unreported in order to claim the prize money. Zerodium also said it is willing to reward scientists even more for their outstanding achievements or research. The payout will be received by Hackers within a week after they have submitted the zero-day proof of concept together. Zerodium recently revealed that the NoScript browser plugin could have utilized a critical zero-day vulnerability to execute a JavaScript malicious system in victims ‘ tor browsers to identify the actual IP address of victims, even if the highest security level has been used.
