Zero-click exploits let attackers compromise PCs and networks without requiring user interaction. One company that buys such exploits, Zerodium, outlines the change on its limited-time bug bounties page.

Set off the exploit

Some cyberattacks, such as phishing emails or instant messages, require people to interact with an attack in order to set off the exploit. Zero-click exploits do not require interaction, making them even more dangerous. Zerodium is a security company specializing in acquiring and reselling zero-day exploits and vulnerabilities. Its primary customers are government agencies in North America and Europe.

Increased payout

Microsoft increased the payout for Outlook zero-click RCEs on January 27, 2022. The increase will remain in effect until an undisclosed date. Microsoft offers bounties from $5,000 to $250,000 for reports of vulnerabilities in its software. The company paid $13.6 million in bug bounty rewards between July 2020 and July 2021. Microsoft’s bug bounty payout is less than that of Zerodium; the bounty values vary based on the severity of the discovered vulnerability. What is your take on Microsoft’s way around the bugs? Share your thoughts with us in the comment section below.
