Zero-day vulnerabilities targeting popular secure messenger applications, like Signal, Telegram and WhatsApp, can fetch payments of up to $500,000 from Zerodium, a buyer and seller of zero-day research, based on a newly released list of available awards offered by the U.S. firm. The market for zero-day vulnerabilities — an undisclosed software security hole that can be exploited by hackers — is notoriously rich and murky. Traders tend to operate away from public scrutiny for a number of reasons that make it difficult to learn about the market. Although Zerodium isn’t known for the transparency of its business, the company’s listings for vulnerabilities provides a window into the supply and demand behind the vulnerability resale industry. Information concerning software flaws that allow for remote code execution and privilege escalation within Signal, and other secure messenger applications, are currently worth $500,000 a piece. These applications are used by billions of people around the world including, as […]
The post Private firm puts $500K bounty on Signal, WhatsApp zero-day vulnerabilities appeared first on Cyberscoop.
Continue reading Private firm puts $500K bounty on Signal, WhatsApp zero-day vulnerabilities→