Exploit acquisition firm Zerodium is offering up to $500,000 for VMware ESXi and Microsoft Hyper-V vulnerabilities.
The company is looking for exploits that allow guest-to-host escapes in default configurations to gain full access to the host.
The overall price for ESXi virtual machine escapes has rapidly increased over the years, in August 2017, Zerodium has been offering up to $80,000 for VMware ESXi
“We are increasing the payouts for VMWare ESXi exploits to attract and encourage more researchers into auditing the security of this hypervisor as we firmly believe that there are many critical vulnerabilities affecting it and our government customers are in need of such exploits,” Chaouki Bekrar, founder and CEO of Zerodium, told SecurityWeek.
The offer for Microsoft Hyper-V exploit is a novelty in the Zerodium’s offer, this is the first time that the zero-day broker
“Hyper-V was not part of our bounty program as there was low to no interest in this product from our customers,” added Bekrar. “However, we’ve recently observed a significant increase in demand for Hyper-V exploits and we have decided to add it to our program.”
According to Bekrar, these payouts for Hyper-V and ESXi zero-day exploits are valid for a couple of months and then the company will decide for changes depending on the number of submissions received in this period
In January, Zerodium announced it is offering to pay up to $2 million for remote iOS jailbreaks that don’t need any user interaction, Previous offers of the company for this kind of exploits was $1.5 million.
The company also doubled the payouts for remote code execution flaws in WhatsApp, iMessage or SMS/MMS applications, payouts passed from $500,000 up to $1 million.
(SecurityAffairs – bug bounty, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.