Prices also raised for Android and Flash exploits

Sep 30, 2016 01:05 GMT

Zerodium, a company that buys zero-day exploits and then sells them to government agencies around the world, has raised its prices for a series of security flaws it desperately wants to get its hands on.

First and foremost, the company has tripled the price it pays for an iOS zero-day. While last year Zerodium held a competition and paid $1 million for the first three iOS 9 zero-days, the company lowered the price to $500,000 afterward.

With the recent release of iOS 10, Zerodium has now once again hiked the price for iOS zero-days, agreeing to pay $1.5 million for a remote exploit that allows a third party full control over the device.

Just like last year, the company will pay for exploits that work against the latest patched iOS version, which means Zerodium is not interested in iOS 9 exploits. On the other hand, Apple is offering up to $200,000 for iOS zero-days via its private, invite-only bug bounty program.

Besides the new price for iOS 10 zero-days, Zerodium has also doubled the price for zero-days in Google's latest Android release, which can now bring researchers $200,000.

Additionally, the exploit vendor is now paying $100,000 for Flash exploits with a sandbox escape, after previously paying only $80,000.

Zero-days in Word or Excel are now valued at $40,000 and exploits in the Windows 10 Reader app are now $50,000. Last year, Zerodium was paying only $30,000 for both. The full Zerodium 2016 and 2015 price lists are embedded below.

Zerodium 2016 0-day price list
Zerodium 2015 0-day price list
