Zerodium, a security exploit vendor announced earlier today that it is increasing its prize payout for Microsoft Outlook zero-click remote code executions (RCEs) to $400,000 up from the earlier payout of $250,000, a 60% raise.
Zero-click exploits are especially dangerous as they do not require user interaction if at all, to deliver malicious payloads onto a potential victim's device. Zerodium however has noted that the increase in the payout is "temporary" implying that the decision may be revised later.
Here's the full announcement:
We are temporarily increasing our payout for Microsoft Outlook RCEs from $250,000 to $400,000. We are looking for zero-click exploits leading to remote code execution when receiving/downloading emails in Outlook, without requiring any user interaction such as reading the malicious email message or opening an attachment. Exploits relying on opening/reading an email may be acquired for a lower reward.
In related Outlook news, Microsoft's One Outlook Project Monarch is apparently delayed but it's still making headway according to reports.
Alongside the Microsoft Outlook payout announcement, Zerodium also made an announcement for Mozilla's Thunderbird platform too, with an award bounty of $200,000.
We are looking for zero-click exploits affecting Thunderbird and leading to remote code execution when receiving/downloading emails, without requiring any user interaction such as reading the malicious email message or opening an attachment. Exploits relying on opening/reading an email may be acquired for a lower reward.
More information may be found on the official announcement page.
1 Comment - Add comment