Million Bounty Rewards For Android, iOS, & Chrome Zero-day

This year, Crowdfense is expanding its scope to encompass additional major research fields like Enterprise Software, WiFi/Baseband, and Messengers and is proposing a larger 30 million USD acquisition program.

Crowdfense is the world’s premier research and acquisition platform for high-quality zero-day exploits and advanced vulnerability research.

Both the company’s innovative “Vulnerability Research Hub” (VRH) online platform and its $10 million bug bounty program received widespread attention from researchers in 2019.

According to the company, payouts for exclusive capabilities or full chains that have not been disclosed range from USD 10,000 to USD 9 million for each successful application.

Partial chains will be assessed individually and charged accordingly.

“Within this program, Crowdfense evaluates only fully functional, top-quality zero-day exploits affecting the following platforms and products,” the company said.

Document
Stop Advanced Phishing Attack With AI

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by other email security solutions. .

Higher Rewards Of The Program

The company has disclosed that this year’s program includes significantly higher rewards. 

Interestingly, the company is offering $5–$7 million for zero-day exploits on iPhones, up to $5 million for zero-days to breach Android phones, up to $3–$3.5 million for zero-days on Chrome and Safari, and $3–$5 million for zero-days on iMessage and WhatsApp. 

Researchers may be able to make up to $3.5 million through exploits that allow for sandbox escape and remote code execution on iOS.

For Chrome exploits that result in remote code execution and local privilege escalation, the business is willing to pay between $2 million and $3 million; for Safari exploits of a similar nature, it will pay between $2.5 million and $3.5 million.

  • SMS/MMS Full Chain Zero Click: from 7 to 9 M USD
  • Android Zero Click Full Chain: 5 M USD
  • iOS Zero Click Full Chain: from 5 to 7 M USD
  • iOS (RCE + SBX): 3,5 M USD
  • Chrome (RCE + LPE): from 2 to 3 M USD
  • Chrome (SBX): 400k USD
  • Chrome (RCE w/o SBX): 400k USD
  • Safari (RCE + LPE): from 2,5 to 3,5 M USD
  • Safari (SBX): from 300 to 400k USD
  • Safari (RCE w/o SBX): 200k USD

Crowdfense offers many additional payments for less complex zero-day exploits that target various products, such as the Chrome and Safari browsers.

In 2019, the business made a $3 million offer for an iOS and Android zero-click remote code execution exploit. 

The cost of threat intelligence teams’ findings rises as more zero-day vulnerabilities are found, so attackers have to put in more time and effort.

The company said, “Please be aware that from time to time, we will also propose high-priority bounties, with extra bonuses and private bounties to selected researchers through our Vulnerability Research Hub: be sure not to miss them!”

Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.