- Oct 23, 2012
- 12,527
Exploit vendor decides to go public with 0-day going rates
Having previously paid $1 million / €0.93 million for the first iOS 9 jailbreak, Zerodium has now gone one step further and published a list of prices it will dish out to security researchers and hackers for their undisclosed zero-day bugs.
For the uninitiated, Zerodium is a European company activating in the cyber-security field. The company is not selling an antivirus or managing a security platform, but it's what you'd call an exploit vendor, a company that finds security flaws in other platforms / software and then sells them to the highest bidder.
Zerodium's list of regular customers includes national spying agencies, cyber-crime groups, or even legitimate companies willing to dirty up their hands and sabotage their competition.
While Zerodium has its own staff that searches popular software for zero-day vulnerabilities, it also sometimes buys them from other companies or solitary hackers.
Mobile OS jailbreaks are the most expensive zero-days on the market
After the recent success of its iOS 9 jailbreak bug bounty, it appears that the company has decided to go on ahead and put a price list out in the open.
The price chart, presented as Mendeleev's periodic table, places iOS remote jailbreaks above all other security flaws, the company being willing to pay up to $500,000 / €466,000 for such submissions.
The second tier is for payments of up to $100,000 / €93,000, and will be dished out for similar remote jailbreakes for Android and Windows Phone handsets.
The third tier is reserved for Google Chrome, Adobe Flash, and Adobe PDF Reader. Zerodium is looking for sandbox escape methods and remote code execution bugs, being willing to pay up to $80,000 / €74,500.
The company is also searching for bugs in many more other tools, ranging from operating systems to Web servers, and from forums to mail server tech. The only condition is that all submitted bugs should be unique, and not reported or disclosed to anybody else.
Having previously paid $1 million / €0.93 million for the first iOS 9 jailbreak, Zerodium has now gone one step further and published a list of prices it will dish out to security researchers and hackers for their undisclosed zero-day bugs.
For the uninitiated, Zerodium is a European company activating in the cyber-security field. The company is not selling an antivirus or managing a security platform, but it's what you'd call an exploit vendor, a company that finds security flaws in other platforms / software and then sells them to the highest bidder.
Zerodium's list of regular customers includes national spying agencies, cyber-crime groups, or even legitimate companies willing to dirty up their hands and sabotage their competition.
While Zerodium has its own staff that searches popular software for zero-day vulnerabilities, it also sometimes buys them from other companies or solitary hackers.
Mobile OS jailbreaks are the most expensive zero-days on the market
After the recent success of its iOS 9 jailbreak bug bounty, it appears that the company has decided to go on ahead and put a price list out in the open.
The price chart, presented as Mendeleev's periodic table, places iOS remote jailbreaks above all other security flaws, the company being willing to pay up to $500,000 / €466,000 for such submissions.
The second tier is for payments of up to $100,000 / €93,000, and will be dished out for similar remote jailbreakes for Android and Windows Phone handsets.
The third tier is reserved for Google Chrome, Adobe Flash, and Adobe PDF Reader. Zerodium is looking for sandbox escape methods and remote code execution bugs, being willing to pay up to $80,000 / €74,500.
The company is also searching for bugs in many more other tools, ranging from operating systems to Web servers, and from forums to mail server tech. The only condition is that all submitted bugs should be unique, and not reported or disclosed to anybody else.
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
