From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Founded2015 (2015)
United States
Area served
Information security

Zerodium is an American information security company founded in 2015 based in Washington, D.C. and Europe. Its main business is developing and acquiring premium zero-day exploits from security researchers, and reporting the research, along with protective measures and security recommendations, to its government clients as part of the ZERODIUM Zero-Day Research Feed.[1]


In 2015, Zerodium was the first company to release a full pricing chart for zero-days ranging from $5,000 to $1,500,000 per exploit.[2] The company was reportedly spending in 2015 between $400,000 to $600,000 per month for vulnerability acquisitions.[3]

In 2016, the company has increased its permanent bug bounty for iOS exploits to $1,500,000.[4]

In 2017, Zerodium has published a new pricing chart exclusively for mobile zero-days ranging from $10,000 to $500,000 per exploit. The company has also announced a time limited bounty of $1,000,000 for Tor browser exploits.[5]

In 2018, the company has added new products to its bounty program including cPanel, Webmin, Plesk, DirectAdmin, ISPConfig, OpenBSD, FreeBSD, and NetBSD. It has also increased its payouts for various software including a bounty of up to $500,000 for Windows remote code execution exploits. [6]

In January 2019, Zerodium has once again increased its bounties for almost every product including a payout of $2,000,000 for remote iOS jailbreaks, $1,000,000 for WhatsApp, iMessage, SMS, and MMS RCEs, and $500,000 for Chrome exploits. [7]

In September 2019, Zerodium has increased its bounty for Android exploits to $2,500,000 and for the first time the company is paying more for Android exploits than iOS. Payouts for WhatsApp and iMessage have also been increased. The company is reportedly spending between $1,000,000 to $3,000,000 each month for vulnerability acquisitions.[8]

See also[edit]


  1. ^ Zerodium. "ZERODIUM Zero-Day Research Feed". Cite journal requires |journal= (help)
  2. ^ Andy Greenbrg (18 November 2015). "Here's a Spy Firm's Price List for Secret Hacker Techniques". Wired. Retrieved 26 August 2016.
  3. ^ Sean Michael Kerner (21 September 2015). "Zerodium Offering a $1 Million iOS 9 Bug Bounty". eWeek.
  4. ^ Lily Hay Newman (29 September 2016). "A Top-Shelf iPhone Hack Now Goes for $1.5 Million". Wired.
  5. ^ Zerodium (13 September 2017). "Tor Browser Zero-Day Exploits Bounty for $1.0 Million". Cite journal requires |journal= (help)
  6. ^ Zerodium (13 September 2018). "Zerodium is increasing its bounties for browsers, servers, mobiles, and more". Cite journal requires |journal= (help)
  7. ^ Zerodium (7 January 2019). "Zerodium is increasing its bounties for iOS to up to $2,000,000". Cite journal requires |journal= (help)
  8. ^ Sophos (9 January 2019). "Zerodium's waving fatter payouts for zero-day bug hunters". Cite journal requires |journal= (help)

External links[edit]