Apple 

Safari RCE – $80K USD

• Works on iPhone 11 or on MacOSX , latest version. 

iOS PE

• iPhone XR –  $60K USD

         o From App / user to Kernel

         o Latest version

• iPhone 11 – $80K USD

         o From App / user to Kernel

         o Latest version

 Linux

LPE – $50K USD

• User to root
• PE should bypass LSM (Linux Security Module) such as AppArmor and SELinux
• PE Should run on latest versions on at least 2 of the following distributions:

         o Ubuntu – currently 19.4

         o Debian – currently 9

         o Fedora – currently 29

         o CentOS – currently 7

• PE should gain root unconfined.
• Minimum Kernel version – 4.x
• On field – will be tested on ubuntu.

 Chrome

RCE – $80K USD

• Runs on latest version
• Works on latest version
• Achieves shellcode with breakpoint popped out
• Runs on Windows latest Build, 64-bits

SBX

Note – One prize would be given to participants that their SBX applies to both categories

 Chrome SBX on Windows – $80K USD

• The vulnerability has to be in Chrome browser
• Researcher should patch Chrome’s sources in order to demonstrate the exploit.
• Will take the researcher an hour to test

o Should be well documented, otherwise it would take longer

 Android

SBX

• Galaxy A10 – SM-10- $50K USD

o Android 10

o Should run code on 64-bit

o Latest kernel, latest security update

• Pixel 4 – $80K USD

o Android 10

o Latest kernel, latest security update

o Should run code on 64-bit

 Android Kernel PE

• Galaxy A10 – SM-10 – $50K USD

o Android 10

o Latest kernel, latest security update

o Exploit has to run code and gain root from untrusted_app

• Pixel 4 – $80K USD

o Android 10

o Latest kernel, latest security update

o Exploit has to run code and gain root from untrusted_app

Application RCE on Android – $60K USD

•  Targeted apps – WhatsApp, Facebook, Facebook Messenger, Instagram.

o Success measure – Should pop a message box with any text

o Should work on latest Samsung S series device, with the latest Android version. Should include info leak.
Price for that bug 

 Windows

PE

• Medium to System – $10K USD
• Should work on latest version (19H2) on default Windows configurations.
• Success measurement(One of the above):

o Raise a bp in a system process

o Pop cmd in system privileges

o Run an arbitrary shellcode with system privileges

• From Chrome Sandbox to Kernel – $40K USD

o Should work on latest version (19H2) on default Windows configurations.

o Success measurement(One of the above):

o Raise a bp in the kernel

o Pop cmd in high privileges

o Run an arbitrary shellcode in the kernel

o BSOD (researcher will probably get a lower prize)

o HVCI Bypass – $50K USD

o From system to kernel, when HVCI turned on

o Should work on latest version (19H2 – latest insider), on default Windows configurations.

o Success measurement

o Run an arbitrary shellcode with an arbitrary size in the kernel (shellcode / unsigned driver)

 Exchange 

All items below must work on at least one of the latest version of Exchange 2013, Exchange 2016 or Exchange 2019

Pre Authentication RCE – $75K USD

o Run Code with Exchange permissions (nt system)

o write file to the disk (WebShell)

o must work on default configurations

o remote code execution on Exchange without authentication

o success measurement

Post Authentication RCE – $60K USD

o Run Code with Exchange permissions (nt system)

o write file to the disk (WebShell)

o must work on default configurations

o Remote code execution on Exchange server after authentication

o Success measurement

Impersonation – $40K USD

o Successfully read and write emails as any user in the system, while authenticated as other.

o must work on default configurations

o Impersonation Vulnerability

o Success measurement – 

Authentication bypass – $40K USD

o login as user for one or more of Exchange interfaces (OWA, EWS, Etc..) and read and write emails.

o must work on default configurations

o Success measurement