ZERODIUM is always improving its bug bounty program and payouts, and constantly expanding the list of eligible software. Our latest announcements and bounties can be found below:
Jan. 7, 2019 - ZERODIUM increases the payouts for almost every target including Apple iOS, WhatsApp, iMessage, Chrome, Windows, and many other products. We are now paying $1,000,000 for WhatsApp, iMessage, and SMS/MMS RCEs and up to $2,000,000 for iPhone remote jailbreaks.
Dec. 20, 2018 - We are currently looking for code execution exploits via USB drives on Windows and/or macOS. The exploit must achieve code execution immediately after the USB key/drive is plugged into the system without relying on visible keystroke injections or user interaction.
Sep. 19, 2018 - We are acquiring pre-authentication RCE exploits affecting the following Routers: ASUS, Cisco, D-Link, Linksys, MikroTik, Netgear, TP-Link, and Ubiquiti. Exploits leading to authentication bypass or credentials disclosure are also accepted. Exploits relying on XSS or CSRF are not eligible.