A famous premium bounties reward company Zerodium pays up to $1,500,000 for critical zero-day submissions and the least reward amount range starts at $5,000 per submission.

This Zero-day submission Zerodium payout rewards applicable for Windows, Mac, Linux, and any OS based desktop, and servers. Zerodium Mobile payout contains iOS Android and any OS.

Unlike the majority of existing bug bounty programs that accept almost any kind of vulnerabilities and PoCs but pay very low rewards, Zerodium mainly focuses on very high-risk vulnerabilities and with fully functional exploits.

Currently acquiring 0day exploits (privilege escalation or RCE) for the following operating systems: OpenBSD, FreeBSD, NetBSD, Ubuntu, CentOS, Debian, and Tails.


Zerodium Pays very high amount especially for mobiles upto  $1,500,000 and it starts from $15,000 which indicate that Zerodium pays more for mobile-based critical zero-day vulnerability than desktop and server-based vulnerabilities.

According to zerodium, The payout ranges listed below are provided for information only and are intended for fully functional/reliable exploits meeting ZERODIUM’s highest requirements. ZERODIUM may pay higher rewards for exceptional exploits or research.

Zerodium Payouts for Desktop /Servers

Zerodium Payouts for Mobiles

Eligible Products and Brands

Zerodium acquires original and previously unreported zero-day from many of the following products.

  • Operating Systems – Windows 10 / 8.1,  macOS 10.x, CentOS, Ubuntu, Tails)
  • Web Browsers – Chrome, Edge, Firefox , Tor, Safari.
  • Clients / Readers – Office, Outlook, Thunderbird, Adobe, Foxit.
  •  Mobiles / Smartphones – Apple, Android, BlackBerry, Windows
  • Web Servers & Related – Apache, IIS, nginx, OpenSSL
  • Email Servers & Related–  MS Exchange, Dovecot, Postfix, Sendmail
  • Web Applications – WordPress, Joomla, Drupal, phpBB Roundcube, Horde.
  •  Research / Techniques –  Mitigations Bypass, AntiVirus RCE/LPE,  Routers Pre-Auth RCE

Mainly Zerodium pays for Remote code execution,  local privilege escalation, sandbox bypass, any other exploit types.

Eligible brands are Apple, Google, Samsung, LG, Huawei, Sony, HTC, Xiaomi, Acer, Asus, Vivo, Motorola, Lenovo, OPPO, BlackBerry, Vertu, ZTE, BBK, and Gionee.

Submission Process

Bug submission process is quite easy and simple steps to submit the researchers discovered vulnerabilities for above products.

ZERODIUM evaluates and verifies all submitted research within one week or less. Payments are made in one or multiple installments by wire transfer or using crypto-currencies e.g. Bitcoin. The first payment is sent within one week or less ZERODIUM said.

Also Read:

Netflix Launches Public Bug Bounty Program With Top Reward as $15,000

Intel Expands Bug Bounty Program Rewards To $250,000 for Meltdown and Spectre Like Vulnerabilities

Bug Bounty Researchers Make More than 2.7 Times Salary of an Average Software Engineer

BALAJI is a Former Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.


Please enter your comment!
Please enter your name here