Zerodium Offers $ 1 Million for Tor Browser Exploits

Zerodium Offers $ 1 Million for Tor Browser Exploits

The exploitation of the acquisition company Zerodium announced on Wednesday that it is ready to offer a total of $ 1 million for zero-day vulnerabilities in Browser Tor, an application that lets users access Tor’s anonymity network and protect their privacy.

SecurityWeek reported that the Company plans to sell exploits obtained to its government customers for allegedly helping them identify people who use Tor for drug trafficking and child abuse, and “making the world a better and safer place for everyone.”

Zerodium seeks exploits Tor Browser that works on Windows and Tails, a secure and privacy-oriented Linux distribution.

 While the highest award can be obtained for exploits working on “high” security settings with JavaScript blocked, the company is also poised to pay significant amounts of money for exploits that only work with allowed JavaScript, which is a “low” security setting in Tor Browser

Exploits allow remote code execution and local privilege escalation can generate up to $ 250,000 if working on Windows 10 and Tails 3.x with JavaScript blocked.

If exploit only works on one of the operating systems, it can still be worth up to $ 200,000.

Execution of remote code execution that does not include privilege escalation capability worth up to $ 185,000 with JavaScript blocked. Exploits that require JavaScript to be enabled can earn up to $ 125,000

 if it includes code execution and privilege escalation, and $ 85,000 if only for code execution.

The minimum content is $ 75,000 for RCE exploits that work both on Windows and Rails.

This is not the first time the company has offered $ 1 million. Back to 2015, reportedly paying this amount to a team of hackers who found browser-based jailbreak without permission for iOS 9.1.

Zerodium explains that exploits should work without sound and the only user interaction allowed is visiting specially crafted web pages. Exploits that require control or manipulation of the Tor knot, or which may interfere with Tor’s network will not be accepted.

“With the growing number to take advantage of the mitigation of modern systems, exploiting browser vulnerabilities is getting harder every day, but motivated researchers are always developing new browser exploits despite the complexity, thanks to their skills and capabilities, a bit of scripting language like JavaScript,” Zerodium said.

Browser Tor gifts run until November 30, but may be closed early if a $ 1 million gift package is paid out.


Please enter your comment!
Please enter your name here