iOS exploits are flooding the security research market, experts say




Last week, we learned about a series of exploits delivered through malicious websites that had targeted iPhone users for years. Tonight, a new report from Vice digs into the current state of the security industry and how the number of iOS exploits continues to grow.


Zerodium, one of the many "vulnerability brokers", has announced a new pricing structure that values Android exploits higher than iOS exploits. Android exploits that allow the "complete takeover" of a device without the user clicking anything are now worth $2.5 million, while the equivalent iPhone vulnerability is worth $2 million.

Meanwhile, Zerodium has also reduced the value of a one-click iOS exploit from $1.5 million to $1 million.

Zerodium's founder, Chaouki Bekrar, explains that this is because the zero-day market has been "flooded" with iOS exploits:

"The zero-day market is flooded with iOS exploits, mostly Safari and iMessage chains, mainly because of the large number of security researchers who have turned to full-time iOS exploitation. They have absolutely destroyed iOS security and mitigations. There are so many iOS exploits that we are starting to refuse some."

For his part, Bekrar added that it is "very difficult and tedious to develop full Android exploit chains," which is why they are more valuable.

Crowdfense is another company that buys zero-day exploits, with a particular focus on selling to governments. Crowdfense director Andrea Zapparoli Manzoni confirmed that there are now far more exploits for iOS than for Android, but with a caveat:

"There are more iOS chains on the market, but not all of them are smart," he wrote in an email. "Many researchers are trying to get the best payouts (like the ones we pay), but not all of them are able to deliver the 'right products'," he wrote, adding that this adds to the "noise" of the market.

In this case, the fragmentation of Android is useful, said Zapparoli Manzoni:

"Android is a landscape so fragmented that a 'universal chain' is almost impossible to find; much more difficult than on iOS, which is a 'monoculture'."

Of course, it is important to note that Crowdfense and Zerodium represent only a part of the exploit market, as Vice notes. This means that they might not be telling the whole story.

In addition, Apple itself recently doubled its bounty program, announcing higher payouts and a new iOS Security Research Device program that will see it distribute pre-jailbroken iPhones to researchers. This signals renewed investment in Apple's reward programs and could help counter the trend that some exploit sellers are seeing.
