$1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own Withdrawal
WhatsApp told SecurityWeek that the two low-impact vulnerabilities cannot be used for arbitrary code execution. The post $1M WhatsApp Hack Flops: Only Low-Risk Bugs Disclosed to Meta After Pwn2Own Withdrawal appeared first on SecurityWeek.
Much of the cybersecurity community was disappointed to learn on Thursday that a researcher scheduled to demonstrate a $1 million WhatsApp exploit at the Pwn2Own hacking contest had withdrawn from the event, but it appears that some have correctly speculated regarding the exploit’s technical viability.
A total of more than $1 million was paid out to the researchers who took part in the Pwn2Own Ireland 2025 contest organized this week by Trend Micro’s Zero Day Initiative (ZDI). Bounties ranging between a few thousand dollars and $100,000 were awarded to white hat hackers who publicly demonstrated exploits against printers, routers, NAS devices, smartphones, and smart home systems.
On Thursday, a researcher named Eugene (3ugen3) from a team called Team Z3 was scheduled to attempt to demonstrate a $1 million zero-click remote code execution exploit against WhatsApp, but the public demonstration did not take place.