A year ago, Zerodium quoted only $200000 for such Android vulnerabilities, but has now doubled to 12 times (100 times the value of some smaller Android vulnerabilities).
For the latest Android 10 mobile operating system, Zerodium is clearly ready. For a Google spokesman, the time was really awkward, so he chose not to respond.
Acquisition incentives for instant messaging (IM) vulnerabilities are also rising
At the same time, Zerodium also announced increased acquisition costs for instant messaging client vulnerabilities, regardless of which operating system it runs on.
The value of user-free interaction (zero-click), remote code execution (RCE), and local privilege escalation (LPE) vulnerabilities in WhatsApp or iMessage is now as high as $1.5 million.
If user interaction is required, its utilization value will be reduced to $1 million (WhatsApp) and $500,000 (iMessage). In contrast, last year's vulnerability acquisition price for the two Apps was only $500,000.
Zerodium also points to recent "market trends"
The company said on its official twitter account that recent price increases for the bug are catering to the latest market trends. That's in line with Zerodium CEO Chauuki Bekrar's argument in an interview with ZDNet in March.
Earlier, the company launched a zero-day vulnerability acquisition plan based on cloud technology. Bekrar said that Zerodium customers have specific requirements for exploiting the chain, and based on this, the company will properly increase the reward for vulnerability submission.
In other words, the Zerodium price adjustment means that government law enforcement agencies have a sudden interest in acquiring software vulnerabilities in Android devices.