Monday, November 4, 2024
HomeBug BountyZerodium Now Paying You $2.5 Million For Android Zero-day Exploit and $1.5...

Zerodium Now Paying You $2.5 Million For Android Zero-day Exploit and $1.5 Million for WhatsApp RCE Exploit

Published on

Malware protection

Exploit acquisition platform Zerodium released a new payout for mobile exploits with surprising payment for both Android and iOS platforms.

Zerodium, a Cybersecurity company known for buying premium exploits from security researchers for several platforms including Operating Systems, Web Browsers, Mobiles,  Web Servers, Email Servers, WebApps/ Panels.

Unlike the majority of existing bug bounty programs that accept almost any kind of vulnerabilities and PoCs but pay very low rewards but Zerodium mainly focuses on very high-risk vulnerabilities and with fully functional exploits.

- Advertisement - SIEM as a Service

According to New payout release, Zerodium now paying more for Android Exploits than iOS, In which, they are paying $2,500,000 for Android full chain (Zero-Click) with persistence exploit and $1,500,000 for iMessage RCE with LPE( Local Privilege Escalation).

It’s a surprising moment for bug bounty community to earn more money by reporting quality of mobile zero-day exploits and there is no price changes for Desktops/Servers exploits.

In the Mobile platform, Zerodium Increased Payouts for WhatsApp RCE and iMessage RCE + LPE (Zero-Click) without persistence from $1,000,000 to $1,500,000.

Also decreased the payout from $1,500,000 to $1,000,000 for Apple iOS full chain exploit and $1,000,000 to $500,000 for iMessage RCE + LPE  without persistance.

According to ZERODIUM new report, “The amounts paid to researchers to acquire their original zero-day exploits depend on the popularity and security level of the affected software/system, as well as the quality of the submitted exploit (full or partial chain, supported versions/systems/architectures, reliability, bypassed exploit mitigations, default vs. non-default components, process continuation, etc). 

New changes applied only for mobile platform and there is no changes in Desktops/Servers based zero-day exploit acquisition.

Zerodium takes one week and less to verify all submitted research. Once they confirm the then the payment will be initiated via various medium including bank transfer or cryptocurrencies such as Bitcoin or Monero.

You can also take Master in Bug Bounty course online to enhance your skill in Bub Bounty programs and ethically reporting the vulnerabilities.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and Hacking News update

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a...

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals...

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215...

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Hackers Abuse EDRSilencer Red Team Tool To Evade Detection

EDRSilencer, a red team tool, interferes with EDR solutions by blocking network communication for...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability...