Zerodium offers $2 million for iOS zero-days

Such price increases are in part a reflection of tighter security in popular technology.

A startup company famous for purchasing zero-day exploits is increasing its bounties for anyone who discovers one in Apple operating systems or popular messaging technologies.

Zerodium on Monday announced it will pay up to $2 million for remote iOS jailbreaks, $1 million for information that allows remote code execution in WhatsApp, iMessage, or texting apps, and $500,000 for Google Chrome exploits. The bounties are up from $1.5 million, $500,000, and $200,000, respectively.

Such price increases are in part a reflection of tighter security in popular technology, Zerodium founder Chaouki Bekrar told CyberScoop in 2017.

“The price that Zerodium puts on a product is always an indication of the security of that product; the higher the price, the better is the security of the product,” he said.


While many companies offer bug bounties for their own products, Zerodium offers a different service. The Washington-based firm pays for original research that it re-sells to government customers that use the information to infiltrate popular software and devices.

Zerodium also upped its reward for a “zero click” remote code execution exploit against Windows servers or desktops via SMB or RDP packets. That bounty has been raised to $1 million from $500,000. A local PIN/passcode or Touch ID bypass for Android or iOS phones is now worth $100,000, compared to $15,000 in the past.

A full list of updated bounties is available on the company’s website.

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.
