As you may or may not know, Zerodium is currently paying premium rewards to security researchers in order to get its hands on original zero-day exploits that affect major software, devices and operating systems. While other bug bounty programs accept any kind of PoC or vulnerability, Zerodium focuses instead on high-risk vulnerabilities and on exploits that can be used to the fullest. Moreover, according to their claims, they pay the highest rewards on the market.
Currently they are looking for somebody to work on either remote code execution or local privilege escalation for several operating systems such as Mac OS 10.12 or 10.11, Windows 10/8.x or 7 and Linux, as well as for VM Guest-to-Host Escape. They are also interested in new hacks for web browsers such as Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari.
Among all the things they are looking for, an interesting area is plugins and readers. Currently they want to know how to hack Adobe PDF Reader, Windows Reader App and Microsoft Office, together with Adobe Flash Player. For these they want somebody who can research and discover new ways of hacking them, namely remote code execution, sandbox escape/bypass, or both.
Many people found it odd that Zerodium wants Flash Player exploits so much that they even raised the reward for Flash Player remote code execution (RCE) and sandbox escape from $80,000 to $100,000. Of course, this is not the only product for which they raised the reward to stimulate competition, but even so, it is curious that they chose it together with other areas, such as the browsers, that many users consider more important.
Finally, it remains to be seen how many people will be motivated by this increased prize and what solutions they will bring to the company.