Firm Offers $2m for iOS Zero-Day Exploits
January 09, 2019 / Phil Muncaster
Controversial exploit broker Zerodium has upped its bug bounties for the majority of desktop/server and mobile exploits, offering security researchers millions of dollars for their work.

At the lower end, a Windows local privilege escalation or sandbox escape will now pay out $80,000, up from $50,000, while at the top of the server/desktop category are “zero click” Windows remote code execution exploits, which have doubled in value to $1m.

However, the biggest bucks go to researchers looking for flaws in mobile platforms. A local PIN/passcode or Touch ID bypass for Android or iOS will net you $100,000, up from $15,000, while a zero click Apple iOS remote jailbreak with persistence is now worth $2m, up from $1.5m.

“Zerodium pay outs for eligible zero-day exploits range from $2000 to $2m per submission,” the firm’s website explained.