» 뉴스 » Zerodium 최초의 iOS 용보다 비싼 안드로이드에 대한 공격을 평가

Zerodium 최초의 iOS 용보다 비싼 안드로이드에 대한 공격을 평가

잘 알려진 취약점 브로커, Zerodium, 그 가격리스트를 업데이트했습니다, 지금은 안드로이드에 대한 역사 공격에서 처음으로 iOS 용 공격보다 더 비싸다.

나는S researchers have the opportunity to earn on 0-day bugs for Android, 의 동작은 사용자의 상호 작용을 필요로하지 않습니다, 까지 $2,500,000. 아이폰 OS 비용 비슷한 공격 $2,000,000.

그러므로, Zerodium raised the rewards for such exploits for Android by almost 12 times compared to last year (recalling, earlier problems in the Google operating system could bring no more than $200,000). For vulnerabilities of a smaller caliber, the cost has increased by 이상 100 타임스. The announcement was definitely timed to coincide with the official release of Android 10, which also took place yesterday, 구월 3, 2019.

또한, the vulnerability broker raised the cost of exploits for messengers, regardless on which OS they are running. Now the RCE and LPE problems in WhatsApp and iMessage are estimated at $1,500,000, even if the exploit does not allow maintaining presence in the system after a reboot.

If the problem requires user interaction, the price for the exploit chain reduced to $1,000,000 for bugs in WhatsApp and up to $500,000 for bugs in iMessage. Last year, such vulnerabilities would bring researchers no more than $500,000.

아이폰 OS에 비해 안드로이드 더 비싼
Zerodium payouts

The head of Zerodium, Chauki Bekrar, 이야기 ZDNet의 reporters that raising prices, his company only responds to market trends.

The fact is that the Zerodium business model (because of which the company was repeatedly subjected to harsh criticism) is such that the company keeps information about 0-day found independently and bought from third parties in secret, while reselling them to large companies, government organizations and law enforcement agencies structures. 예를 들면, the NSA or the military. 그러므로, the price increase can be explained by the interest that Zerodium clients (그건, law enforcement agencies and government agencies around the world) are showing to Android problems.

독서  RIG 모집 사업자가 네트워크를 통해 ERIS 코더를 배포하기 시작했다 악용

Bekrar says that due to the large fragmentation of the Android device market, the company is primarily interested in bugs in the devices Google, Samsung, Huawei and Sony, although other brands will also not be ignored.

“In the past few months, we have seen an increase in the number of exploits for iOS, mainly for Safari and iMessage, which are created and sold by researchers from around the world. The 0-day market saturated with exploits for iOS that recently we even started to abandon some of them. 다른 한편으로는, thanks to Google and Samsung’s security teams, Android’s security is improving with each new release, so developing complete exploit chains for Android has become a complex and time-consuming task, outperforming even creating zero-click exploits that do not require user interaction”, says Bekrar, explaining the price increase.

Beckrar notes that Android exploits will be valued higher than iOS exploits until Apple improves iOS security and strengthens its weaknesses, such as iMessage and Safari (Webkit and sandbox).

[합계: 0    평균: 0/5]

트로이 킬러 소개

메모리 스틱에 트로이 킬러 휴대용 운반. 당신은 당신이 어디를 가든 당신의 PC가 어떤 사이버 위협에 저항 도울 수 있는지 확인하십시오.

또한 확인

공격자는 Checkm8 탈옥을 사용

공격자는 적극적으로 자신의 목적을 위해 신선한 Checkm8 탈옥을 사용

시스코 탈로스 전문가들은 공격자가 적극적으로 Checkm8 탈옥을 사용하는 사용자에게 경고. 끝에 …

활주로 악성 코드 맥 OS 공격

활주로 악성 코드는 맥 OS 사용자를 공격

Confiant는 발견 미국에서 악의적 인 광고 캠페인, 이탈리아와 일본은 확산되었다 …

회신을 남겨주