The exploitation of the acquisition company Zerodium announced on Wednesday that it is ready to offer a total of $ 1 million for zero-day vulnerabilities in Browser Tor, an application that lets users access Tor's anonymity network and protect their privacy.
SecurityWeek reported that the Company plans to sell exploits obtained to its government customers for allegedly helping them identify people who use Tor for drug trafficking and child abuse, and "making the world a better and safer place for everyone."
Zerodium seeks exploits Tor Browser that works on Windows and Tails, a secure and privacy-oriented Linux distribution.
If exploit only works on one of the operating systems, it can still be worth up to $ 200,000.
if it includes code execution and privilege escalation, and $ 85,000 if only for code execution.
The minimum content is $ 75,000 for RCE exploits that work both on Windows and Rails.
This is not the first time the company has offered $ 1 million. Back to 2015, reportedly paying this amount to a team of hackers who found browser-based jailbreak without permission for iOS 9.1.
Zerodium explains that exploits should work without sound and the only user interaction allowed is visiting specially crafted web pages. Exploits that require control or manipulation of the Tor knot, or which may interfere with Tor's network will not be accepted.
Browser Tor gifts run until November 30, but may be closed early if a $ 1 million gift package is paid out.