$30 Million Bounty Rewards For Android, iOS, & Chrome Zero-day
- С сайта: Zero-Day(cybersecuritynews.com)
- Вернуться к списку новостей
$30 Million Bounty Rewards For Android, iOS, & Chrome Zero-day
Author: Guru BaranThis year, Crowdfense is expanding its scope to encompass additional major research fields like Enterprise Software, WiFi/Baseband, and Messengers and is proposing a larger 30 million USD acquisition program.
Crowdfense is the world’s premier research and acquisition platform for high-quality zero-day exploits and advanced vulnerability research.
Both the company’s innovative “Vulnerability Research Hub” (VRH) online platform and its $10 million bug bounty program received widespread attention from researchers in 2019.
According to the company, payouts for exclusive capabilities or full chainsthat have not been disclosed range from USD 10,000 to USD 9 millionfor each successful application.
Partial chains will be assessed individually and charged accordingly.
“Within this program, Crowdfense evaluates only fully functional, top-quality zero-day exploits affecting the following platforms and products,” the company said.
📁🄳🄾🄲🅄🄼🄴🄽🅃
Higher Rewards Of The Program
The company has disclosed that this year’s program includes significantly higher rewards.
Interestingly, the company is offering $5–$7 million for zero-day exploits on iPhones, up to $5 million for zero-days to breach Android phones, up to $3–$3.5 million for zero-days on Chrome and Safari, and $3–$5 million for zero-days on iMessage and WhatsApp.
Researchers may be able to make up to $3.5 million through exploits that allow for sandbox escape and remote code execution on iOS.
For Chrome exploits that result in remote code execution and local privilege escalation, the business is willing to pay between $2 million and $3 million; for Safari exploits of a similar nature, it will pay between $2.5 million and $3.5 million.
- SMS/MMS Full Chain Zero Click : from 7 to 9 M USD
- Android Zero Click Full Chain : 5 M USD
- iOS Zero Click Full Chain : from 5 to 7 M USD
- iOS (RCE + SBX): 3,5 M USD
- Chrome (RCE + LPE): from 2 to 3 M USD
- Chrome (SBX): 400k USD
- Chrome (RCE w/o SBX): 400k USD
- Safari (RCE + LPE): from 2,5 to 3,5 M USD
- Safari (SBX): from 300 to 400k USD
- Safari (RCE w/o SBX): 200k USD
Crowdfense offers many additional payments for less complex zero-day exploits that target various products, such as the Chrome and Safari browsers.
In 2019, the business made a $3 million offer for an iOS and Android zero-click remote code execution exploit.
The cost of threat intelligence teams’ findings rises as more zero-day vulnerabilities are found, so attackers have to put in more time and effort.
The company said, “Please be aware that from time to time, we will also propose high-priority bounties, with extra bonuses and private bounties to selected researchers through our Vulnerability Research Hub: be sure not to miss them!”
Secure your emails in a heartbeat! To find your ideal email security vendor, Take aFree 30-Second Assessment.
#Bug_Bounty #Cyber_Security_Research #Zero-Day #Bug_Bounty_Programs #cybersecurity #Zero-Day_Exploits
Оригинальная версия на сайте: