
WhatsApp 0-Click RCE Exploit Worth $1 Million at Pwn2Own Ireland 2025

Cybersecurity researchers have a massive incentive to target WhatsApp this fall, as the Zero Day Initiative (ZDI) announced a record-breaking $1 million bounty for a zero-click remote code execution exploit against the popular messaging platform at Pwn2Own Ireland 2025.

The unprecedented prize represents the largest single bounty in Pwn2Own history and is made possible through a partnership with Meta, WhatsApp’s parent company, which is co-sponsoring this year’s competition.

The contest will take place from October 21-24, 2025, at ZDI’s offices in Cork, Ireland.

“We introduced this category last year, but no one attempted it. Perhaps a number with two commas will provide the needed motivation,” ZDI officials stated in their announcement.

The million-dollar prize specifically targets zero-click WhatsApp vulnerabilities that lead to code execution, meaning exploits that require no user interaction to compromise a device.

Meta’s significant investment in the bounty program reflects the critical importance of securing WhatsApp, which serves over three billion users globally.

The messaging platform has become an attractive target for threat actors seeking to access sensitive communications, making security research particularly valuable.

Beyond the flagship WhatsApp prize, the contest will feature eight different categories targeting various consumer and enterprise technologies.

The mobile phone category includes targets like iPhone 16 Pro and Samsung Galaxy S24, with prizes ranging from $50,000 to $300,000.

A new USB attack vector has been introduced for mobile devices, allowing researchers to demonstrate physical access exploits.

The SOHO Smashup category challenges participants to compromise two small office/home office devices within 30 minutes for a $100,000 prize.

Other categories cover smart home devices, printers, network-attached storage systems, surveillance equipment, and wearable devices, including Meta’s Ray-Ban Smart Glasses and Quest 3/3S headsets.

Synology and QNAP return as co-sponsors, providing network-attached storage targets for the competition. The printer category features new targets from Brother alongside traditional participants Canon and HP.

Last year’s Irish event awarded $1,066,625 for over 70 unique zero-day vulnerabilities, setting a high bar for 2025’s competition.

With the addition of the million-dollar WhatsApp bounty, organizers expect to surpass previous records significantly.

Registration for the contest closes at 5:00 PM Irish Standard Time on October 16, 2025, with no exceptions for late entries.

Researchers interested in participating must contact ZDI directly at pwn2own@trendmicro.com to begin the registration process.

The competition will determine attempt order through a random drawing on the first day, with real-time results shared through ZDI’s blog and social media channels using the #P2OIreland hashtag.

The overall winner receives the coveted “Master of Pwn” title along with additional ZDI reward points and recognition in the cybersecurity community.
