Meta's $1M Bounty for WhatsApp Exploits at Pwn2Own Ireland 2025

TL;DR

Meta is sponsoring Pwn2Own Ireland 2025, offering up to $1 million for WhatsApp exploits. The event, held in Cork from October 21-24, features eight categories including smartphones, wearables, and smart home devices. Participants can earn significant rewards for identifying vulnerabilities in WhatsApp and other targets.

Meta’s $1M Bounty for WhatsApp Exploits at Pwn2Own Ireland 2025

Meta is backing the Pwn2Own Ireland 2025 hacking competition, offering substantial rewards for smartphone, WhatsApp, and wearable device exploits. The event, organized by Trend Micro’s Zero Day Initiative (ZDI), will take place from October 21 to 24 in Cork, Ireland. Participants can earn up to $1 million for a WhatsApp exploit that enables remote code execution without user interaction¹.

Event Details and Categories

Pwn2Own Ireland 2025 features eight distinct categories where participants can demonstrate their hacking skills:

• Mobile Phones: Exploits targeting various mobile devices.
• Messaging Category: Focusing on vulnerabilities in messaging applications.
• The SOHO Smashup: Targeting small office/home office devices.
• Smart Home Devices: Exploits in smart home gadgets.
• Printers: Vulnerabilities in printing devices.
• NAS Devices: Exploits in network-attached storage devices.
• Surveillance System Devices: Vulnerabilities in surveillance systems.
• Wearables Category: Exploits in wearable technology².

Rewards and Incentives

Participants have the opportunity to earn significant rewards:

• WhatsApp Exploits: Up to $1 million for a zero-click remote code execution exploit.
• One-Click WhatsApp Exploits: Up to $500,000 for one-click remote code execution.
• Account Takeover: Up to $150,000 for zero-click account takeover exploits.
• Wearables: Up to $150,000 for zero-click RCE on Ray-Ban smart glasses and Quest headsets, with $30,000 for self jailbreak³.

New Challenges and Additions

ZDI has introduced new challenges for this year’s event:

• USB Attack Vector: A new USB attack vector has been added to the mobile category.
• SOHO Smashup: Increased difficulty with fewer but more complex devices. Successfully compromising both targets within 30 minutes earns $100,000⁴.

Previous Success and Future Implications

Last year, Pwn2Own Ireland 2024 saw participants earn a total of $1,066,625 for over 70 new vulnerabilities. This year’s event promises to be even more challenging and rewarding, highlighting the importance of cybersecurity in an increasingly connected world⁵.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon.

Pierluigi Paganini⁶.

(SecurityAffairs – hacking, WhatsApp)⁷.

For more details, visit the full article: source

Additional Resources

For further insights, check:

• Zero Day Initiative Blog
• Trend Micro

References

1. Trend Zero Day Initiative (@thezdi) (July 31, 2025). “Announcing #Pwn2Own Ireland for 2025!”. Twitter. Retrieved 2025-08-01. ↩︎

2. ZDI’s announcement (2025). “Pwn2Own returns to Ireland with a one million dollar WhatsApp target”. Zero Day Initiative. Retrieved 2025-08-01. ↩︎

3. ZDI’s announcement (2025). “Pwn2Own returns to Ireland with a one million dollar WhatsApp target”. Zero Day Initiative. Retrieved 2025-08-01. ↩︎

4. ZDI’s announcement (2025). “Pwn2Own returns to Ireland with a one million dollar WhatsApp target”. Zero Day Initiative. Retrieved 2025-08-01. ↩︎

5. ZDI’s announcement (2025). “Pwn2Own returns to Ireland with a one million dollar WhatsApp target”. Zero Day Initiative. Retrieved 2025-08-01. ↩︎

6. Pierluigi Paganini⁶. ↩︎

7. (SecurityAffairs – hacking, WhatsApp)⁷. ↩︎