Vulnerability research firm Crowdfense is offering up to $3 million for working zero-day exploits for iOS and Android.
In 2018, Crowdfense ran a $10 million bug bounty program. The company has now decided to increase the value of the program and extend it to other areas, including Messengers, Networking Devices, and WiFi/Baseband.
“In 2019 we are offering a larger 15M USD acquisition program, extending its scope to include other important areas of research, inclusive of Networking Devices, WiFi/Baseband and Messengers,” reads the announcement published by the company.
The company will pay up to $1.5 million for functional exploits targeting Chrome for Windows, while exploits for Safari for macOS go up to $500,000.
Crowdfense is willing to pay up to $2.5 million for a Safari RCE leading to privilege escalation on iOS, or up to $3 million for an iOS RCE that works without user interaction.
A Chrome RCE that allows privilege escalation on Android goes for $2 million, while an RCE that doesn’t require user interaction goes up to $3 million. The company also requires persistence for both flaws.
The firm is willing to pay up to $100,000 for RCE flaws in routers, while WiFi/Baseband RCEs leading to local privilege escalation could be
Crowdfense is also offering payouts of up to $1.5 million for zero-interaction RCE flaws in IM or SMS apps; the payouts decrease to $1 million if user interaction is required.
“Payouts for full-chain, previously unreported, exclusive capabilities range from $100,000 USD to $3 million USD per successful submission. Partial chains will be evaluated on a case-by-case basis and priced proportionally,” concludes the firm.