orld-leading vulnerability research hub Crowdfense is offering up to $3 million for full-chain, zero-day exploits for iOS and Android.

Vulnerability research firm Crowdfense is offering up to $3 million for working exploits for iOS and Android zero-day.

In 2018, Crowdfence ran a $10 million bug bounty program, now the company decided to increment the value of the bug bounty program and extended them to other areas, including Messengers, Networking Devices, and WiFi/Baseband.

“In 2019 we are offering a larger 15M USD acquisition program, extending its scope to include other important areas of research, inclusive of Networking Devices, WiFi/Baseband and Messengers.” reads the announcement published by the company.

“Payouts for full-chain, previously unreported, exclusive capabilities range from $100,000 USD to $3 million USD per successful submission. Partial chains will be evaluated on a case-by-case basis and priced proportionally,”

The company is going to pay functional exploits targeting Chrome for Windows up to $1.5 million, while exploits for Safari for macOS go up to $500,000.

Crowdfence is willing to pay up to $2.5 million for Safari RCE leading to privilege escalation on iOS, or up to $3 million for iOS RCE working without user interaction.

A Chrome RCE that allows privilege escalation on Android goes for $2 million, while an RCE that doesn’t require user interaction goes up to $3 million. The company also requires for both flaws the persistence.

The firm is willing to pay RCE flaws in routers up to $100,000, while WiFi/Baseband RCEs leading to local privilege escalation could be paid up to $500,000.

Crowdfense is also offering payouts up to $1.5 million for zero-interaction RCE flaws in IM or SMS apps, the payouts decrease to $1 million if user interaction is required.

“Payouts for full-chain, previously unreported, exclusive capabilities range from $100,000 USD to $3 million USD per successful submission. Partial chains will be evaluated on a case-by-case basis and priced proportionally.” concludes the firm.

Pierluigi Paganini

( SecurityAffairs – zero-day, hacking)

Share this...

Linkedin Reddit Pinterest

Share On