Exploit acquisition firm Crowdfense is offering a total of $30 million for zero-day exploits targeting Android, iOS, Chrome, and Safari.
Founded in 2017, Crowdfense describes itself as “a research hub and acquisition platform for high-quality zero-day exploits and advanced vulnerability research”.
In 2019, the company announced an exploit acquisition program for Android and iOS zero-day vulnerabilities, offering payouts of up to $3 million for full-chain, previously unreported exploits.
This year, the firm has revealed significantly higher rewards as part of the program, offering bounties of up to $9 million for zero-click full chain exploits deliverable via SMS or MMS messages.
Researchers able to deliver zero-click full chain exploits for Android may earn as much as $5 million, while those identifying similar zero-days in iOS could receive as much as $7 million for their findings, Crowdfense says.
Exploits leading to remote code execution and sandbox escape on iOS could earn researchers up to $3.5 million.
The company is willing to pay between $2 million and $3 million for Chrome exploits leading to remote code execution and local privilege escalation, and $2.5 million to $3.5 million for similar exploits targeting Safari.
Crowdfense is also offering hundreds of thousands of dollars for less impactful sandbox escape exploits targeting Chrome and Safari.
According to the company, only fully functional, top-quality zero-day exploits will be evaluated as part of the program.
“Payouts for full-chains or previously unreported, exclusive capabilities, range from USD 10,000 to USD 9 million per successful submission. Partial chains will be evaluated on a case-by-case basis and priced proportionally,” Crowdfense announced.
Crowdfense is not the only firm looking to acquire Android and iOS exploits. Last year, Russian zero-day acquisition firm Operation Zero announced it was willing to pay up to $20 million for full exploit chains targeting the iOS and Android mobile platforms, claiming “high demand on the market”.
Related: Tesla, OS, Software Exploits Earn Hackers $1.1 Million at Pwn2Own 2024
Related: Pwn2Own Automotive: Hackers Earn Over $700k for Tesla, EV Charger, Infotainment Exploits
Related: Zerodium Offering $400,000 for Microsoft Outlook Zero-Day Exploits
