Record-breaking rewards for WhatsApp vulnerabilities

Posted date 12/08/2025

12/08/2025

Meta, the parent company of WhatsApp, has joined as a sponsor of the prestigious hacking competition Pwn2Own Ireland 2025, organized by the Zero Day Initiative (ZDI) in Cork, from October 21 to 24. This edition offers unprecedented rewards for the detection of critical vulnerabilities in its messaging platform.

The most notable prize is $1 million for anyone who manage to demonstrate a zero-click remote code execution (RCE) exploit in WhatsApp. This amount far exceeds the $300,000 offered last year for a similar vulnerability.

In addition to the messaging category, the competition spans a wide range of categories, reinforcing its global security focus: mobile devices, which this year include a new USB attack vector; wearables such as Ray-Ban smart glasses and Quest headsets, with rewards of up to $150,000 for zero-click exploits and $30,000 for jailbreaks; and SOHO Smashup, a category that offers $100,000 and recognition in “Master of Pwn” points to anyone who successfully compromises home networking devices within 30 minutes. The event also includes smart home devices, NAS systems (from QNAP and Synology), printers, and surveillance systems, with smaller prizes depending on the type of vulnerability discovered.

It is worth noting that, in the 2024 edition, Pwn2Own Ireland awarded researchers over $1.06 million for the finding of more than 70 zero-day vulnerabilities.

References

01/08/25

securityaffairs.com

Meta backs Pwn2Own Ireland 2025 in Cork, offering up to $1M for WhatsApp exploits; targets include phones and wearables, Oct 21–24 via Zero Day Initiative
01/08/25

redhotcyber.com

¡WhatsApp en la mira! En Pwn2Own Irlanda 2025, se otorgará un premio de 1 millón de dólares por un exploit RCE sin clics
02/08/25

escudodigital.com

Ofrecen 1 millón de dólares por encontrar brechas de seguridad en WhatsApp
04/08/25

scworld.com

ZDI to offer $1M for WhatsApp zero-click exploit

Etiquetas