Exploit vendor Zerodium has added new categories to its payout list, with sums of half a million dollars (US) on offer for fully functioning weaponised exploits against Signal, WhatsApp, Telegram and other encrypted messaging apps.
The vendor, based in Washington DC, is offering a similar sum for exploits of default email applications on mobile devices.
The biggest amount on offer is US$1.5 million for an Apple iOS remote jailbreak plus persistence, an exploit that works remotely and without any user interaction. One that works with user interaction will net the creator US$1 million.
These payouts have been on offer for some time.
Zero-click remote exploits for Windows 10 which target default services like SMB or RDP are paying US$300,000.
Zerodium has been in the business since 2015. Those who sell exploits to the company have no way of knowing who buys them.
Payouts for remote exploits for Chrome on Windows, including escape from a sandbox, are now at US$150,000, up from US$80,000.
And exploits for PHP now pay US$100,000, compared to half that amount earlier.
The company says: "Payouts for eligible zero-day exploits range from US$5000 to $1.5 million per submission.
"The amounts paid to researchers to acquire their original zero-day exploits depend on the popularity and security strength of the affected software/system, as well as the quality of the submitted exploit (full or partial chain, supported versions/systems/architectures, reliability, bypassed exploit mitigations, default vs. non-default component, process continuation, etc)."