Zerodium offers $2 million for iOS zero-days

A startup company famous for purchasing zero-day exploits is increasing its bounties to anyone who discovers one in Apple operating systems or popular messaging technologies.

Zerodium on Monday announced it will pay up to $2 million for remote iOS jailbreaks, $1 million for information that allows remote code execution in WhatsApp, iMessage, or texting apps, and $500,000 for Google Chrome exploits. The bounties are up from $1.5 million, $500,000, and $200,000, respectively.

Such price increases are in part a reflection of tighter security in popular technology, Zerodium founder Chaouki Bekrar told CyberScoop in 2017.

“The price that Zerodium puts on a product is always an indication of the security of that product; the higher the price, the better is the security of the product,” he said.

While many companies offer bug bounties for their own products, Zerodium offers a different service. The Washington-based firm pays for original research that it re-sells to government customers that use the information to infiltrate popular software and devices.

Zerodium also upped its reward for a “zero click” remote code execution into Windows servers or desktops via SMB or RDP packets. That bounty has been raised to $1 million from $500,000. A local pin/passcode or Touch ID bypass for Android or iOS phones is now worth $100,000, compared to $15,000 in the past.

A full list of updated bounties is available on the company’s website.