Crowdfense has announced that it will pay between 5 and 7 million dollars to those who report zero-day vulnerabilities in iPhone models, drawing attention to the soaring prices of such exploits. Here are the current bounty prices for some software and hardware vulnerabilities:
Zero-day vulnerability prices on iPhones are on the rise
The term “zero-day” refers to security vulnerabilities that software developers are not yet aware of and have not patched. Companies like Crowdfense and its competitor Zerodium typically aim to resell the vulnerabilities they find to government agencies or subcontractors claiming to need them for tracking criminals or espionage activities.
According to the new price list, Crowdfense will pay between 5 and 7 million dollars for vulnerabilities identified in iPhones and up to 5 million dollars for Android. Here are the assessed values for other popular software:
- Google Chrome: Up to 3 million dollars
- Safari: Up to 3.5 million dollars
- iMessage: Between 3 and 5 million dollars
- WhatsApp: Between 3 and 5 million dollars
Comparing these figures to Crowdfense’s previous price list from 2019, it’s evident that the value of all vulnerabilities has increased. This is attributed to companies like Apple and Google enhancing platform security and addressing vulnerabilities more quickly.
Crowdfense currently offers the highest prices outside of Russia. Last year, a company called Operation Zero in Russia announced that it could pay up to 20 million dollars for tools to hack iPhones and Android devices.
Apple also has its own Apple Security Research Bounty program to incentivize security researchers. Under this program, researchers can earn a maximum of 2 million dollars.