Zerodium Increases Its Payouts for Linux Exploits

Exploit aggregator and seller Zerodium is now trying to attract hackers finding flaws in Linux operating system. The firm will offer bug bounties of up to $45,000 for Linux security vulnerabilities. “Got a Linux LPE? Working with default installations of Ubuntu, Debian, CentOS / RHEL / Fedora? We are increasing our payouts to $45,000 per #0day exploit until March 31st, 2018,” the company announced on Twitter.

Zerodium did pay for Linux exploits before too, however, it would pay up to $30,000 for Local Privilege Escalation (LPE) flaws in the operating system. The $45,000 payout is only being offered until March 31, 2018. The boost in bug bounty suggests an increase in market demand for these vulnerabilities. For those interested in submitting their bugs to the exploit acquisition company should know that Zerodium only acquires zero-day vulnerabilities with fully functional exploits. “We do not acquire PoCs for theoretically exploitable or non-exploitable vulnerabilities,” the company writes.

While Linux bug rewards are now being increased from $30,000 to 45,000 for a limited time only, Zerodium usually pays rewards for eligible zero-day exploits that go from $5,000 up to $1,500,000. The million dollar bug bounties are only rewarded for Remote Jailbreak with Persistence on iPhones. Last year, it had also advertised offering $1M payouts for Tor Browser zero-days.