Android hacker eclipse iOS exploits in the vulnerability market



[ad_1]

Zerodium revamps leverages bonus payments

Zerodium's acquisition platform of achievements has increased the amount that it is willing to pay for mobile exploits in a redesign of its price list that makes Android exploits more lucrative than those of iOS attacks for the first time.

The realignment, announced Tuesday, comes just days after last week's bombshell by Google researchers on how a group of attacks has chained several zero-day exploits to carry out the killing of iPhones .

The operation – unprecedented in its magnitude – was based on misleading iOS device users for them to visit trapped websites.

A new entry from the list – "Complete Android Channel (zero-click) persistently" – costs up to $ 2.5 million. In comparison, exploits or persistence techniques Apple iOS (another new category) are worth only $ 500,000.

The potential gain for a "Apple iOS (one click) persistently full chain" feat has been reduced from $ 1.5 million to $ 1 million.

A one-click exploit based on iMessage that allows remote code execution (RCE), but without granting persistence, previously offered a gain of up to $ 1 million. This amount has been cut in half to $ 500,000.

Persistent Pwnage

While rewards for so-called "one-click" attacks that require misleading targets to allow malicious action have decreased, the price that Zerodium is ready to offer for exploits that work without any user interaction has been increased .

For example, the gain for an RCE attack against WhatsApp that works without any user interaction has gone from $ 1 million to $ 1.5 million, even in cases where an attack does not produce a persistent message.

Zerodium stated that this increase reflected the (unspecified) changes in market trends in the mobile exploit market. The organization's proposed prices for farms and desktop and server targeting vulnerabilities remain unchanged.

"We have updated our prices for major mobile exploits," says the exploit broker in a update on Twitter.

"For the first time, we will pay more for Android than for iOS. We also increased WhatsApp and iMessage (0 click), but we reduced the payment for iOS (1 click) according to market trends. "

The Daily Swig asked the company to explain these market trends and to indicate what effect, if any, the massive hacking of recently disclosed iPhones has had in the marketplace. feat.

Observers from Infosec have expressed surprise at the evolution of prices of the operation of mobile telephony.

"You would think that burning a giant pile of iOS 0day would drive up the price of the iOS," m said security researcher Dean Pierce.

"Maybe the demand has dropped, because the NSO, etc., is no longer allowed to sell to the Saudis, although I would be surprised to see if a single information center caused such price fluctuation.

"The bug is fun," he added.

RECOMMENDED Bug Bounty Radar // August 2019

[ad_2]

Source link