PWN Cyber Exploit Archive – March 2019

The RunSafe Pwn IndexTM is a proprietary score and methodology to track the average price of cyber exploits targeting enterprise and government agency software assets. Like the Dow Jones Industrial Average, the RunSafe Pwn Index calculates the average price of an exploit across operating systems on servers, mobile devices, and embedded systems. Published quarterly, the RunSafe Pwn Index leverages multiple sources of exploit data, including dark web marketplaces, payout services and private practitioners, to collect pricing data for zero-day exploits.

Index Summary (updated March 6, 2019)

RunSafe Pwn Index $15,118 Trending Up
Mobile Exploit Index $20,589 Trending Down
Server Exploit Index $13,508

No Change


  • Mobile payouts (due to the value of user data) exceed server payouts because often the exploit on a server is part of a complex kill chain. The app is just one step in the process. Further, remote code execution payouts of IOS are high (Apple still rules mobile). Given Apple’s closed system and tight security efforts and the demographics of its customers, gaining access is a premium service that few attackers can achieve. The scarcity of the supply of exploits drives the price up.
  • Most sought after exploits are remote code execution because such exploits provide the attacker with the ability to execute malicious code and take complete control of an affected system with the privileges of the user running the application
  • For messaging apps, hackers desire both remote code execution and local privilege execution, perhaps to send malicious links to other users. Given the popularity of messaging apps on mobile devices and the increased utilization of messaging between parties, hackers gain access to a device via a messaging app to enable a persistent way to collect data about a user or to dupe a user into performing additional steps to gain access to the mobile device itself.
  • Virtual machine escape, defined as breaking out of a virtual machine and interacting directly with the host operating system, presents risk to enterprise private cloud deployments. Multiple CVEs exist related to proprietary deployments such as VMWare, HyperV, Oracle VirtualBox, as well as open-source emulators that perform hardware virtualization, such as QEMU.
  • In summary, by purchasing an exploit on the dark web for less than $21,000, hackers can cause business disruption, reputational damage, injury, and/or significant financial loss.

RunSafe Security addresses these exploits through Alkemist, which denies malware the uniformity required to propagate and precludes exploits from spreading across multiple devices and networks, thereby ensuring continuity of operations. Contact us to learn more.


RunSafe Security provides this material solely for informational and marketing purposes.