The Zero Day initiative is providing a $1 million reward to safety researchers demonstrating a zero-click WhatsApp exploit within the upcoming PWN2Own Areland 2025 hacking contest.
Document Bounty zero-clicks safety flaws that permit code execution with out person interplay on a messaging platform utilized by over 3 billion folks worldwide.
Alongside Synology and QNAP, Meta is co-hosting the PWN2Own Areland 2025 contest, which can be held in Cork, Eire from October twenty first to October twenty fourth.
“As you might need guessed from the title, we’re wanting ahead to saying that Meta is co-hosting this yr’s occasion. They need to see an important WhatsApp exploit. They’re so excited. They’re spending $1,000,000 on a 0-click WhatsApp bug that results in code execution,” the Zero Day Initiative introduced Thursday.
“We’ll even be receiving much less money awards for different WhatsApp exploits, so take a look at the messaging part for extra particulars. We launched this class final yr, however nobody tried it.
The competition is available in eight classes focusing on cellphones, messaging apps, house networking tools, good house units, printers, community storage programs, surveillance tools, and wearable applied sciences. These embrace Meta Ray-Ban Good Glasses, Quest 3/3S Headset, Samsung Galaxy S25, Google Pixel 9, and Apple iPhone 16 Flagship SmartPhone.
ZDI additionally requested to increase the assault vector within the cell class to compromise locked telephones by way of bodily connections, together with leveraging the USB ports of cell units. Conventional wi-fi protocols equivalent to Wi-Fi, Bluetooth and close to subject communication stay efficient strategies of assault.
Registration will shut at commonplace time in Eire on October sixteenth at 5pm, with contest orders decided by random drawings. The Zero Day initiative runs occasions to establish vulnerabilities earlier than malicious actors exploit them, and coordinate accountable disclosures with affected distributors.
After the issues are exploited within the PWN2Own occasion, distributors have 90 days to launch safety updates earlier than Development Micro’s Zero Day initiative is revealed.
Final yr’s PWN2Own Eire occasion awarded $1,078,750 for over 70 zero-day vulnerabilities, whereas Viettel Cyber Safety raised $205,000 for defects demonstrated on the QNAP NAS, Sonos audio system and Rexmark printers.
