ZERODIUM is always improving its bug bounty program and payouts, and constantly expanding the list of eligible software. Our latest announcements and bounties can be found below:
Mar. 5, 2019 - ZERODIUM is currently paying up to $500,000 for Microsoft Hyper-V or VMWare ESXi zero-day exploits allowing Guest-to-Host escapes. The exploit must work with default configurations, be fully reliable, and lead to a privileged access to the host system.
Jan. 31, 2019 - We are currently paying $100,000++ for MikroTik router zero-days leading to pre-authentication RCE, or authentication bypass, or credentials disclosure. The exploit must work with the latest versions of RouterOS for one or more architectures (X86, ARM, MIPS).
Jan. 7, 2019 - ZERODIUM increases the payouts for almost every target including Apple iOS, WhatsApp, iMessage, Chrome, Windows, and many other products. We are now paying $1,000,000 for WhatsApp, iMessage, and SMS/MMS RCEs and up to $2,000,000 for iPhone remote jailbreaks.