Linux Bugs in Demand – Exploit Acquisition Firm Increases Its Payouts for Linux Exploits
Exploit aggregator and seller Zerodium is now trying to attract hackers finding flaws in Linux operating system. The firm will offer bug bounties of up to $45,000 for Linux security vulnerabilities. "Got a Linux LPE? Working with default installations of Ubuntu, Debian, CentOS / RHEL / Fedora? We are increasing our payouts to $45,000 per #0day exploit until March 31st, 2018," the company announced on Twitter.
Zerodium did pay for Linux exploits before too, however, it would pay up to $30,000 for Local Privilege Escalation (LPE) flaws in the operating system. The $45,000 payout is only being offered until March 31, 2018. The boost in bug bounty suggests an increase in market demand for these vulnerabilities. For those interested in submitting their bugs to the exploit acquisition company should know that Zerodium only acquires zero-day vulnerabilities with fully functional exploits. "We do not acquire PoCs for theoretically exploitable or non-exploitable vulnerabilities," the company writes.
While Linux bug rewards are now being increased from $30,000 to 45,000 for a limited time only, Zerodium usually pays rewards for eligible zero-day exploits that go from $5,000 up to $1,500,000. The million dollar bug bounties are only rewarded for Remote Jailbreak with Persistence on iPhones. Last year, it had also advertised offering $1M payouts for Tor Browser zero-days.
Washington, DC-based firm is known for aggregating and then selling exploits. The private firm pays top dollars to researchers who opt to sell exploits to private firm instead of tech companies who work to patch these security vulnerabilities. Zerodium says that it analyzes and documents the flaws before selling them to work on proposals for its clients to protect their systems. However, it also sells these exploits to an increasing number of companies and government clients who are always on the lookout for backdoor access to tech products and services.