Zerodium will now pay $2 million for Apple iOS remote jailbreaks

Zerodium will now pay $2 million for Apple iOS remote jailbreaks 1

Zerodium is increasing its efforts to acquire zero-day vulnerabilities in popular software for private sale by increasing the financial rewards on offer.

The private exploit seller, a privately-held startup launched in 2015, acquires zero-day vulnerabilities and exploit chains in order to sell them on to customers — which may include corporations, law enforcement, and government entities.

The market for vulnerabilities is massive. It is not only cyberattackers in the underground which obtain and use bugs for their own purposes; law enforcement in the US has previously paid researchers in the past to find bugs and break into iPhones during criminal investigations, and government officials worldwide are constantly fighting back against the move towards encryption.

End-to-end encryption standards can prevent snooping, surveillance, as well as the leak of private data — and so one of the only ways to circumvent these protections is to obtain vulnerabilities which are yet to be patched by vendors. As our devices’ security standards improve, the task of infiltrating them becomes only more difficult.

Researchers who uncover previously-unknown security flaws which could be used to compromise users in these ways can report their findings directly to affected vendors, sell them on the underground, or chose to disclose these bugs to private sellers.

While morally dubious, in the latter case, there is serious money to be earned.

See also: Facebook bolsters bug bounty program with rewards for user token exposure

Evidently, business is booming for Zerodium, which has now released an updated list of financial rewards for all manner of security reports.

The payouts mirror demand and the highest payout on offer is for Apple iOS remote jailbreak reports with persistence and without a need for clicks to initiate. Originally, Zerodium offered $1.5 million for such reports, but this has now increased by $500,000 to $2 million.

The exploit seller is also willing to pay up to $1.5 million for similar, working exploits which require one click to set in motion.

CNET: Elecpro’s smart lock scans faces to let people in

Zerodium also has its sights set on WhatsApp, iMessage, or SMS/MMS remote code execution vulnerabilities, any of which can earn a bug bounty hunter up to $1 million, a payout which has been doubled.

Payouts have also been increased for Chrome remote code execution vulnerabilities, Safari flaws, and Touch ID bypass methods for both iOS and Android mobile devices. 

In terms of desktops, Zerodium has doubled the bounty on offer for Windows remote code execution attacks via SMB or RDP packets which do not require user interaction to $1 million. In addition, rewards have been doubled for Chrome remote code execution bugs, Apache exploits, and VMWare ESXi VM Escape methods, among others.

TechRepublic: CES 2019: 58% of consumers don’t secure their personal devices

Last year, the exploit seller ramped up its rewards for Linux-based vulnerabilities. Payouts of up to $45,000 were made available for local privilege escalation (LPE) exploits.

Zerodium is not the only gray exploit seller in business. Dubai-based Crowdfense operates a platform which facilitates the sale of vulnerabilities and all manner of exploit chains. These ‘wares’ can then be sold on to “global institutional customers,” which may include government entities.

Previous and related coverage

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews

Automated trading with HaasBot Crypto Trading Bots

Blockchain/Cryptocurrency Questions and Answers

How to Choose a Legit Crypto Casino?
August 5, 2022
Spend Crypto
5 Ways to Spend Crypto
August 2, 2022
What Is A DAO LLC?
What Is A DAO LLC?
August 2, 2022
Can Running A Lightning Node Earn You Passive Income?
Can Running A Lightning Node Earn You Passive Income?
July 5, 2022
Is The Crypto Market Combating A Lehman Brothers Moment?
June 30, 2022

CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin23,909 0.01 % 2.17 % 2.47 %
Ethereum1,776.0 0.09 % 3.15 % 8.55 %
Tether1.001 0.21 % 0.16 % 0.12 %
USD Coin1.001 0.15 % 0.06 % 0.01 %
BNB326.59 0.31 % 0.11 % 14.96 %
XRP0.3779 0.41 % 0.65 % 0.42 %
Cardano0.5347 0.45 % 0.29 % 4.13 %
Binance USD1.001 0.16 % 0.09 % 0.07 %
Solana42.12 0.56 % 2.22 % 3.81 %
Polkadot9.250 0.22 % 4.88 % 13.10 %

Bitcoin (BTC) $ 23,905.00
Ethereum (ETH) $ 1,774.57
Tether (USDT) $ 1.00
USD Coin (USDC) $ 1.00
BNB (BNB) $ 326.30
XRP (XRP) $ 0.378386
Cardano (ADA) $ 0.536044
Binance USD (BUSD) $ 1.00
Solana (SOL) $ 42.66
Polkadot (DOT) $ 9.25