Menu

Navigation

How much does a zero-day exploit cost?

Posted on by Arif Clayton

How much does a zero-day exploit cost?

Currently, the lower range of the zero-day exploit market is around $60,000 for an Adobe Reader attack. On the high end, zero-day exploits that attack Apple iOS can go for upwards of $2.5 million USD. Like any other market, zero-day exploit prices are determined largely by supply and demand.

Is it illegal to sell zero-day exploits?

For-profit zero day research, and even brokering, is completely legal. This is because the knowledge of a zero day is not the same thing as the exploitation of a zero day. Knowing a flaw exists is not illegal to know, and for companies that have such flaws this knowledge can help prevent security disasters.

Is zero-day a virus?

Zero day malware is malware that exploits unknown and unprotected vulnerabilities. This novel malware is difficult to detect and defend against, making zero day attacks a significant threat to enterprise cybersecurity.

How much is a zero-day?

Bounties for eligible zero-day exploits range from $2,500 to $2,500,000 per submission.

How much does a zero-day sell for?

What is the Price Range? The price range for 0day exploits is from $60,000 (Adobe Reader) up to $2,500,000 (Apple iOS) per one zero-day exploit. Payout For the n-day vulnerabilities transferred into functional exploits is much lower. However, the price for exploit differs from marketplace to marketplace.

Why is it called Zero-Day?

The term “zero-day” refers to the fact that the vendor or developer has only just learned of the flaw – which means they have “zero days” to fix it. A zero-day attack takes place when hackers exploit the flaw before developers have a chance to address it. Zero-day is sometimes written as 0-day.

Are zero-day attacks common?

According to the Ponemon Institute, 80% of successful breaches were Zero-Day attacks.

What is remote code execution?

Remote code execution (RCE) refers to the ability of a cyberattacker to access and make changes to a computer owned by another, without authority and regardless of where the computer is geographically located. RCE allows an attacker to take over a computer or a server by running arbitrary malicious software (malware).

What is a reasonable price for zero-day vulnerabilities?

What is the Price Range? The price range for 0day exploits is from $60,000 (Adobe Reader) up to $2,500,000 (Apple iOS) per one zero-day exploit.