Meta's $1M Bounty for WhatsApp Exploits at Pwn2Own Ireland 2025
Discover how Meta is sponsoring Pwn2Own Ireland 2025, offering up to $1M for WhatsApp exploits. Learn about the event, categories, and potential rewards.
TL;DR
Meta is sponsoring Pwn2Own Ireland 2025, offering up to $1 million for WhatsApp exploits. The event, held in Cork from October 21-24, features eight categories including smartphones, wearables, and smart home devices. Participants can earn significant rewards for identifying vulnerabilities in WhatsApp and other targets.
Meta’s $1M Bounty for WhatsApp Exploits at Pwn2Own Ireland 2025
Meta is backing the Pwn2Own Ireland 2025 hacking competition, offering substantial rewards for smartphone, WhatsApp, and wearable device exploits. The event, organized by Trend Micro’s Zero Day Initiative (ZDI), will take place from October 21 to 24 in Cork, Ireland. Participants can earn up to $1 million for a WhatsApp exploit that enables remote code execution without user interaction1.
Event Details and Categories
Pwn2Own Ireland 2025 features eight distinct categories where participants can demonstrate their hacking skills:
- Mobile Phones: Exploits targeting various mobile devices.
- Messaging Category: Focusing on vulnerabilities in messaging applications.
- The SOHO Smashup: Targeting small office/home office devices.
- Smart Home Devices: Exploits in smart home gadgets.
- Printers: Vulnerabilities in printing devices.
- NAS Devices: Exploits in network-attached storage devices.
- Surveillance System Devices: Vulnerabilities in surveillance systems.
- Wearables Category: Exploits in wearable technology2.
Rewards and Incentives
Participants have the opportunity to earn significant rewards:
- WhatsApp Exploits: Up to $1 million for a zero-click remote code execution exploit.
- One-Click WhatsApp Exploits: Up to $500,000 for one-click remote code execution.
- Account Takeover: Up to $150,000 for zero-click account takeover exploits.
- Wearables: Up to $150,000 for zero-click RCE on Ray-Ban smart glasses and Quest headsets, with $30,000 for self jailbreak3.
New Challenges and Additions
ZDI has introduced new challenges for this year’s event:
- USB Attack Vector: A new USB attack vector has been added to the mobile category.
- SOHO Smashup: Increased difficulty with fewer but more complex devices. Successfully compromising both targets within 30 minutes earns $100,0004.
Previous Success and Future Implications
Last year, Pwn2Own Ireland 2024 saw participants earn a total of $1,066,625 for over 70 new vulnerabilities. This year’s event promises to be even more challenging and rewarding, highlighting the importance of cybersecurity in an increasingly connected world5.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon.
Pierluigi Paganini6.
(SecurityAffairs – hacking, WhatsApp)7.
For more details, visit the full article: source
Additional Resources
For further insights, check:
References
-
Trend Zero Day Initiative (@thezdi) (July 31, 2025). “Announcing #Pwn2Own Ireland for 2025!”. Twitter. Retrieved 2025-08-01. ↩︎
-
ZDI’s announcement (2025). “Pwn2Own returns to Ireland with a one million dollar WhatsApp target”. Zero Day Initiative. Retrieved 2025-08-01. ↩︎
-
ZDI’s announcement (2025). “Pwn2Own returns to Ireland with a one million dollar WhatsApp target”. Zero Day Initiative. Retrieved 2025-08-01. ↩︎
-
ZDI’s announcement (2025). “Pwn2Own returns to Ireland with a one million dollar WhatsApp target”. Zero Day Initiative. Retrieved 2025-08-01. ↩︎
-
ZDI’s announcement (2025). “Pwn2Own returns to Ireland with a one million dollar WhatsApp target”. Zero Day Initiative. Retrieved 2025-08-01. ↩︎