Vulnerability research hub Crowdfense is willing to pay $3 Million for iOS, Android zero-day exploits

World-leading vulnerability research hub Crowdfense is offering up to $3 million for full-chain, zero-day exploits for iOS and Android.

Vulnerability research firm Crowdfense is offering up to $3 million for working exploits for iOS and Android zero-day.

In 2018, Crowdfence ran a $10 million bug bounty program, now the company decided to increment the value of the bug bounty program and extended them to other areas, including Messengers, Networking Devices, and WiFi/Baseband.

“In 2019 we are offering a larger 15M USD acquisition program, extending its scope to include other important areas of research, inclusive of Networking Devices, WiFi/Baseband and Messengers.” reads the announcement published by the company.

“Payouts for full-chain, previously unreported, exclusive capabilities range from $100,000 USD to $3 million USD per successful submission. Partial chains will be evaluated on a case-by-case basis and priced proportionally,”

The company is going to pay functional exploits targeting Chrome for Windows up to $1.5 million, while exploits for Safari for macOS go up to $500,000.

Crowdfence is willing to pay up to $2.5 million for Safari RCE leading to privilege escalation on iOS, or up to $3 million for iOS RCE working without user interaction.

A Chrome RCE that allows privilege escalation on Android goes for $2 million, while an RCE that doesn’t require user interaction goes up to $3 million. The company also requires for both flaws the persistence.

The firm is willing to pay RCE flaws in routers up to $100,000, while WiFi/Baseband RCEs leading to local privilege escalation could be paid up to $500,000.

Crowdfense is also offering payouts up to $1.5 million for zero-interaction RCE flaws in IM or SMS apps, the payouts decrease to $1 million if user interaction is required.

“Payouts for full-chain, previously unreported, exclusive capabilities range from $100,000 USD to $3 million USD per successful submission. Partial chains will be evaluated on a case-by-case basis and priced proportionally.” concludes the firm.

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.

APPLY NOW

10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase

X