Bounties of up to $1 million will be provided by the Zero Day Initiative for cybersecurity researchers reporting a zero-click remote code execution exploit in WhatsApp at this year's Pwn2Own Ireland hacking contest, which is co-sponsored by WhatsApp parent firm Meta, QNAP, and Synology, BleepingComputer reports.
ZDI will also be offering rewards of $500,000 and $150,000 for one-click RCE and remote zero-click account takeover exploits, while discoveries of remote zero-click microphone or video feed access, remote zero-click user sensitive data access, and remote one-click user sensitive data access will merit bounties of $130,000 each. "We also will have lesser cash awards for other WhatsApp exploits, so be sure to check out the Messaging section for full details. We introduced this category last year, but no one attempted it. Perhaps a number with two commas will provide the needed motivation," said ZDI, which awarded over $1 million in bounties for the discovery of more than 70 zero-days in last year's event.
ZDI will also be offering rewards of $500,000 and $150,000 for one-click RCE and remote zero-click account takeover exploits, while discoveries of remote zero-click microphone or video feed access, remote zero-click user sensitive data access, and remote one-click user sensitive data access will merit bounties of $130,000 each. "We also will have lesser cash awards for other WhatsApp exploits, so be sure to check out the Messaging section for full details. We introduced this category last year, but no one attempted it. Perhaps a number with two commas will provide the needed motivation," said ZDI, which awarded over $1 million in bounties for the discovery of more than 70 zero-days in last year's event.
