Zerodium Offers $1 Million for WhatsApp and iMessage Exploits

Zerodium Increases Payouts for WhatsApp and iMessage Exploits

Good news for bug hunters and bad news for software manufacturers and developers. Earlier this week, the well-known vulnerability broker Zerodium announced a significant increase in payouts for various exploits.

Previously, a persistent remote jailbreak for iOS could earn you $1.5 million, but now the reward has been raised to $2 million. It’s important to note that a key requirement for this jailbreak is that it must not require any user interaction—everything must happen automatically. If minimal user interaction is required, such an exploit will be valued at $1.5 million.

Additionally, payouts for zero-day RCE (Remote Code Execution) vulnerabilities and exploits in messengers like WhatsApp and iMessage, as well as SMS/MMS applications on various platforms, have doubled. Previously, exploiting such bugs could earn up to $500,000, but now the reward is up to $1 million. Interestingly, zero-day vulnerabilities in Signal, Telegram, and Facebook Messenger are still valued at $500,000.

“Messengers in general, and WhatsApp in particular, are sometimes the only communication channel used by targets. Due to end-to-end encryption, our government clients face challenges intercepting such communications. As a result, being able to remotely compromise these apps without compromising the entire phone is a more strategic and effective approach,” commented Zerodium founder Chaouki Bekrar.

Updated Zerodium Price List

Zerodium’s updated price list can be seen below.

About Zerodium

Zerodium, founded in 2015 by Chaouki Bekrar (one of the creators of Vupen), is one of the most well-known vulnerability brokers on the market. While Vupen primarily developed its own exploits, Zerodium not only has its own team of developers but also actively purchases exploits and vulnerabilities from third parties.

Zerodium’s business model—which has been heavily criticized—relies on keeping information about self-discovered and third-party 0-day vulnerabilities secret, while reselling them to large companies, government agencies, and law enforcement organizations, such as the NSA or the military.
