iTnews

Android exploits now pay more than iOS ones

By Juha Saarinen on Sep 4, 2019 1:58PM

Apple iOS exploit glut causes payouts to drop?

Controversial exploit trader Zerodium now pays more for unpatched vulnerabilities affecting Google's Android operating system than Apple's iOS equivalent, for the first time.

An Android zero-click full-chain exploit that persists on compromised mobile devices can earn sellers up to US$2.5 million.

In comparison, Zerodium pays up to US$2 million for an equivalent iOS exploit chain.

Zerodium also dropped its rate for a persistent single-click full-chain iOS exploit from US$1.5 million to US$1 million.

Single-click Apple iMessage remote code execution and local privilege escalation bugs without persistence only bring in half of what they used to, at US$500,000.

However, a zero-click, non-persistent remote code execution and local privilege escalation vulnerability in iMessage is now worth US$1.5m, up from US$1m, as is the equivalent exploit for WhatsApp, Zerodium said.

Zerodium did not say why it has changed the pricing for iOS and Android vulnerabilities so dramatically. Its founder Chaouki Bekrar tweeted a screenshot of a US media story claiming that iOS exploits are currently flooding the market.

The price changes come in the wake of Google's Project Zero security team publishing details of a 14-exploit chain of zero-day vulnerabilities that was loaded into hacked websites and used to fully compromise Apple iOS devices.

While Project Zero did not identify the websites in question, United States media quoted unnamed sources saying that the attacks were targeting Uyghurs, a minority group being harshly suppressed by Chinese authorities.

Zerodium also trades in desktop and server OS and application vulnerabilities, and says its customers "are mainly government organisations in need of specific and tailored cybersecurity capabilities, and/or protective solutions to defend against zero-day attacks."

The exploit reseller says its products and services are highly restricted and only available to a limited number of organisations.

Bekrar ran another exploit trading company, the now defunct VUPEN, that counted the United States National Security Agency among its customers.
