exodus

While security researchers may now be able to earn up to $200k by reporting vulnerabilities to Apple, some may find it hard to resist a counter-offer of $500k by blackhat company Exodus Intelligence.

While Exodus uses the innocuous-sounding label ‘Research Sponsorship Program,’ the firm makes its money by buying details of vulnerabilities and then making them available to those wishing to exploit them to hack devices …

Exodus has a hitlist on its site showing that it will pay up to $500k for a zero-day vulnerability in iOS 9.3+, with smaller payouts for flaws found in a range of browsers as well as Adobe Reader and Flash.

As with Apple’s offer, the headline fee is the maximum that will be paid – the range in the case of Exodus starts from just $5000.

Zero-day vulnerabilities are ones of which the software creator is unaware, the name deriving from the fact that the company would have zero days to prepare for an attack based on the flaw. They are highly sought after by companies and government agencies seeking to break into iPhones and other devices. It is likely that a zero-day exploit was used by the company which helped the FBI break into the iPhone in the San Bernardino case.

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy's favorite gear