Zerodium this week announced that it will not be purchasing any iOS exploits for the next two to three months due to a high number of submissions. In other words, the company has so many security vulnerabilities at its disposal that it does not need any more.
Zerodium is an exploit acquisition platform that pays researchers for zero-day security vulnerabilities and then sells them to institutional customers like government organizations and law enforcement agencies. The company focuses on high-risk vulnerabilities, normally offering between $100,000 and $2 million per fully functional iOS exploit.
We will NOT be acquiring any new Apple iOS LPE, Safari RCE, or sandbox escapes for the next 2 to 3 months due to a high number of submissions related to these vectors.
— Zerodium (@Zerodium) May 13, 2020
Prices for iOS one-click chains (e.g. via Safari) without persistence will likely drop in the near future.
In an explicit tweet, Zerodium CEO Chaouki Bekrar said iOS security is in bad shape, noting that there are at least a few persistent zero-day security vulnerabilities affecting all iPhones and iPads. "Let's hope iOS 14 will be better," added Bekrar.
Apple has its own bug bounty program that offers between $5,000 and $1 million for security vulnerabilities in iOS, iPadOS, macOS, tvOS, or watchOS.
Tag: Zerodium
This article, "Zerodium Temporarily Stops Purchasing iOS Exploits Due to High Number of Submissions" first appeared on MacRumors.com
Discuss this article in our forums
from MacRumors: Mac News and Rumors - All Stories https://ift.tt/35Zz0br
No comments:
Post a Comment
Leave your thoughts....