Last week, Apple launched its first-ever bug bounty program, offering cash rewards of up to $200,000 for uncovering vulnerabilities in iOS or recent generations of its hardware. Today, an exploit trading firm named Exodus Intelligence has unveiled its own program for collecting vulnerabilities, including a $500,000 bounty for hacks targeting iOS 9.3 or higher, more than double what Apple is offering (via The Verge).
As you can see in Exodus Intelligence’s hit-list shown above, the firm is also paying out for attacks targeting Google Chrome ($150,000), Microsoft Edge ($125,000), and Firefox ($80,000). It is believed that customers of Exodus Intelligence pay annual subscriptions starting at $200,000 for access to the firm’s database of exploits, with Exodus selling to security firms and antivirus vendors looking to defend users, as well as to clients who want to find their way into protected systems, including government agencies.
This isn’t unusual. Private companies regularly offer more money for vulnerabilities than big tech firms, but the relatively open nature of Exodus Intelligence’s hit-list (you have to log in to see the details, but the general prices are there for everyone) shows how the exploit market is becoming increasingly public. Last year, security firm Zerodium paid $1 million to hackers for an iPhone hack and the offer made headlines, even if Zerodium later lowered this fee to “up to $500,000” for subsequent iOS hacks.
The rewards will be paid via check, wire transfer or Bitcoin.