A glut of iOS 0-days pushes their price below cost of those for Android

by
Dan Goodin
from Ars Technica - All content on (#4PHCY)
data-cash-Aurich-Lawson-Getty-800x450.jp

Enlarge (credit: Getty Images | Aurich Lawson)

For the first time ever, the security exploit broker Zerodium is paying a higher price for zero-day attacks that target Android than it pays for comparable attacks targeting iOS.

An updated price list published Tuesday shows Zerodium will now pay $2.5 million apiece for "full chain (Zero-Click) with persistence" Android zero-days compared with $2 million for iOS zero-days that meet the same criteria. The previous program overview offered $2 million for unpublished iOS exploits but made no reference at all to the exploits for Android. Zerodium founder and CEO Chaouki Bekrar told Ars the broker paid on a "case by case basis depending on the chain" for Android exploits.

"Flooded by iOS exploits"

Bekrar told Ars the move was prompted by a glut of working iOS exploit chains that has coincided with the growing difficulty of finding comparable exploits for versions 8 and 9 of Android. In a message, Bekrar wrote:

Read 7 remaining paragraphs | Comments

index?i=ZGFl-y6Got8:QFN--0t5YeM:V_sGLiPB index?i=ZGFl-y6Got8:QFN--0t5YeM:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments