Zerodium: $2 million for Apple iOS remote jailbreaks
Zerodium, a vulnerability trading platform, updated its quotation for the 0-Day vulnerability to encourage more people to submit the discovered vulnerabilities to them. Zerodium officially claims to pay for eligible 0-Day vulnerabilities ranging from $2,000 to $2 million. The cost of obtaining the original 0-Day vulnerability from Zerodium to the researcher depends on the popularity and security level of the affected software/system and the quality of the vulnerability submitted (supported version/system/architecture, Reliability, bypassed vulnerability mitigation, default and non-default components, process continuation, etc.).
Announcement: We are increasing our bounties for almost every product.
We're now paying $2,000,000 for remote iOS jailbreaks, $1,000,000 for WhatsApp/iMessage/SMS/MMS RCEs, and $500,000 for Chrome RCEs.
More information at: https://t.co/0NBRnq4I4y pic.twitter.com/vXDyxC3Q4v
— Zerodium (@Zerodium) January 7, 2019
Like other vulnerability trading platforms, Zerodium acquired 0-day vulnerabilities and sold them to government agencies and law enforcement, but many privacy advocates fear that some surveillance companies may use these vulnerabilities to sell their products to authoritarian governments.