While security researchers may now be able to earn up to $200k by reporting vulnerabilities to Apple, some may find it hard to resist a counter-offer of $500k from blackhat company Exodus Intelligence.
While Exodus uses the innocuous-sounding label ‘Research Sponsorship Program,’ the firm makes its money by buying details of vulnerabilities and then making them available to those wishing to exploit them to hack devices …
Exodus has a hitlist on its site showing that it will pay up to $500k for a zero-day vulnerability in iOS 9.3+, with smaller payouts for flaws found in a range of browsers as well as Adobe Reader and Flash.
As with Apple’s offer, the headline fee is the maximum that will be paid – the range in the case of Exodus starts from just $5000.
Zero-day vulnerabilities are ones of which the software creator is unaware, the name deriving from the fact that the company would have zero days to prepare for an attack based on the flaw. They are highly sought after by companies and government agencies seeking to break into iPhones and other devices. It is likely that a zero-day exploit was used by the company which helped the FBI break into the iPhone in the San Bernardino case.