World-leading vulnerability research hub Crowdfense is offering up to $3 million for full-chain, zero-day exploits for iOS and Android.
Vulnerability research firm Crowdfense is offering up to $3 million for working zero-day exploits for iOS and Android.
In 2018, Crowdfense ran a $10 million bug bounty program. Now the company has decided to increase the value of the program and extend it to other areas, including Messengers, Networking Devices, and WiFi/Baseband.
“In 2019 we are offering a larger 15M USD acquisition program, extending its scope to include other important areas of research, inclusive of Networking Devices, WiFi/Baseband and Messengers,” reads the announcement published by the company.
“Payouts for full-chain, previously unreported, exclusive capabilities range from $100,000 USD to $3 million USD per successful submission. Partial chains will be evaluated on a case-by-case basis and priced proportionally.”
The company will pay up to $1.5 million for functional exploits targeting Chrome for Windows, while exploits for Safari for macOS go up to $500,000.
Crowdfense is willing to pay up to $2.5 million for a Safari RCE leading to privilege escalation on iOS, or up to $3 million for an iOS RCE that works without user interaction.
A Chrome RCE that allows privilege escalation on Android goes for $2 million, while an RCE that doesn’t require user interaction goes up to $3 million. The company also requires persistence for both flaws.
The firm is willing to pay up to $100,000 for RCE flaws in routers, while WiFi/Baseband RCEs leading to local privilege escalation could be paid up to $500,000.
Crowdfense is also offering payouts of up to $1.5 million for zero-interaction RCE flaws in IM or SMS apps; the payouts decrease to $1 million if user interaction is required.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".