Zerodium—a company that specializes in acquiring and reselling zero-day exploits—just announced that it will pay up to USD 1,000,000 for working zero-day exploits for the popular Tor Browser on Tails Linux and Windows operating system.
Zero-day exploit acquisition platform has also published some rules and payout details on its website, announcing that the payout for Tor exploits with no JavaScript has been kept double than those with JavaScript enabled
It like Tor Browser zero-day achievements are in great need normal now—so many so that someone is willing to pay ONE MILLION dollars.
Tor browser users should take this news an early warning, especially who use Tails OS to protect their privacy.
.The company has also clearly mentioned that the exploit must leverage remote code execution vulnerability, the initial attack vector should be a web page and it should work against the latest version of Tor Browser.
Moreover, the zero-day Tor exploit must work without requiring any user interaction, except for victims to visit a web page.
Another assault vectors so as for express via hateful text is not suitable for this bounty, but ZERODIUM may, at its sole option, make a distinct offer to acquire such exploits.
Zerodium to Sell Tor Browser 0-Days to Law Enforcement Agencies.
The zero-day business has long held a profitable market for private firms that typically offer more payouts for undisclosed vulnerabilities than big technology companies, Zerodium says that it wants to resell the Tor browser exploits to law enforcement agencies to fight crime.
In an FAQ, the company has admitted that it will sell the acquired Tor zero-days to law enforcement agencies, and possibly the commercial malware development companies who sell spyware to governments.
"In many cases, [Tor] used by ugly people to conduct activities such as drug trafficking or child abuse. We have launched this special bounty for Tor Browser zero-days to help our government customers fight crime and make the world a better and safer place for all," Zerodium said.
Payouts for Tor Browser 0-Day RCE Exploits.
Here is some list of Zerodium payouts for Tor Browser Exploits:
- RCE and LPE to Root/SYSTEM for Tor Browser on Tails 3.x (64bit) and on Windows 10 RS3/RS2 (64bit) without JavaScript: $250,000
- RCE (No LPE) for Tor Browser on Tails 3.x (64bit) and on Windows 10 RS3/RS2 (64bit) without JavaScript: $185,000
- RCE+LPE to Root/SYSTEM for Tor Browser on Tails 3.x (64bit) and on Windows 10 RS3/RS2 (64bit) with JavaScript: $125,000
- RCE (No LPE) for Tor Browser on Tails 3.x (64bit) and on Windows 10 RS3/RS2 (64bit) with JavaScript: $85,000
- RCE and LPE to Root/SYSTEM for Tor Browser on Tails 3.x (64bit) OR on Windows 10 RS3/RS2 (64bit) without JavaScript: $200,000
- RCE (No LPE) for Tor Browser on Tails 3.x (64bit) OR on Windows 10 RS3/RS2 (64bit) without JavaScript: $175,000
- RCE and LPE to Root/SYSTEM for Tor Browser on Tails 3.x (64bit) OR on Windows 10 RS3/RS2 (64bit) with JavaScript: $100,000
- Only RCE (No LPE) for Tor Browser on Tails 3.x (64bit) OR on Windows 10 RS3/RS2 (64bit) with JavaScript: $75,000
Those interested can submit their exploit until November 30th, 2017 at 6:00 pm EDT. This company including that the premium may be canceled ere its close if the total payout to researchers transfers one million U.S. dollars ($1,000,000).
Post A Comment:
0 comments: