As Apple offers $200k for iPhone vulnerabilities, Black Hat firm offers $500k


While security researchers may now be able to earn up to $200k by reporting vulnerabilities to Apple, some may find it hard to resist a counter-offer of $500k by blackhat company Exodus Intelligence.

While Exodus uses the innocuous-sounding label ‘Research Sponsorship Program,’ the firm makes its money by buying details of vulnerabilities and then making them available to those wishing to exploit them to hack devices …

Exodus has a hitlist on its site showing that it will pay up to $500k for a zero-day vulnerability in iOS 9.3+, with smaller payouts for flaws found in a range of browsers as well as Adobe Reader and Flash.

As with Apple’s offer, the headline fee is the maximum that will be paid – the range in the case of Exodus starts from just $5000.

Zero-day vulnerabilities are ones of which the software creator is unaware, the name deriving from the fact that the company would have zero days to prepare for an attack based on the flaw. They are highly sought after by companies and government agencies seeking to break into iPhones and other devices. It is likely that a zero-day exploit was used by the company which helped the FBI break into the iPhone in the San Bernardino case.

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:


iPhone hack

About the Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear


Dell 49-inch curved monitor