Vulnerability research hub Crowdfense is willing to pay $3 Million for iOS, Android zero-day exploits

World-leading vulnerability research hub Crowdfense is offering up to $3 million for full-chain, zero-day exploits for iOS and Android.

Vulnerability research firm Crowdfense is offering up to $3 million for working exploits for iOS and Android zero-day.

In 2018, Crowdfence ran a $10 million bug bounty program, now the company decided to increment the value of the bug bounty program and extended them to other areas, including Messengers, Networking Devices, and WiFi/Baseband.

“In 2019 we are offering a larger 15M USD acquisition program, extending its scope to include other important areas of research, inclusive of Networking Devices, WiFi/Baseband and Messengers.” reads the announcement published by the company.

“Payouts for full-chain, previously unreported, exclusive capabilities range from $100,000 USD to $3 million USD per successful submission. Partial chains will be evaluated on a case-by-case basis and priced proportionally,”

The company is going to pay functional exploits targeting Chrome for Windows up to $1.5 million, while exploits for Safari for macOS go up to $500,000.

Crowdfence is willing to pay up to $2.5 million for Safari RCE leading to privilege escalation on iOS, or up to $3 million for iOS RCE working without user interaction.

A Chrome RCE that allows privilege escalation on Android goes for $2 million, while an RCE that doesn’t require user interaction goes up to $3 million. The company also requires for both flaws the persistence.

The firm is willing to pay RCE flaws in routers up to $100,000, while WiFi/Baseband RCEs leading to local privilege escalation could be paid up to $500,000.

Crowdfense is also offering payouts up to $1.5 million for zero-interaction RCE flaws in IM or SMS apps, the payouts decrease to $1 million if user interaction is required.

“Payouts for full-chain, previously unreported, exclusive capabilities range from $100,000 USD to $3 million USD per successful submission. Partial chains will be evaluated on a case-by-case basis and priced proportionally.” concludes the firm.

Pierluigi Paganini

Subscribe to Cyber Defense Magazine

Join our mailing list, no strings attached. We never sell your data. We'll send you monthly e-magazines, webinar invites from us and our partners, cybersecurity trade show updates, awards, infosec news, cybersecurity tips and so much more on all things cyber defense.
Subscribe

Related News

The cost of ransomware: Should you pay the ransom? Gone Phishing: How Ransomware, Log4j, and Other Exploits Use Your Network to Catch the Big Fish New Research Reveals Network Attacks at Highest Point Over the Last Three Years
March 13, 2019

CyberDefenseMagazine Follow 24,016 54,487

Cyber Defense Magazine - The Premier Source for IT Security and Compliance Information. https://t.co/748STKH6k0.

cyberdefensemag

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Global InfoSec Awards for 2024 are now Open! Take advantage of co-marketing packages and enter today!

Show Me!
X