Thus, Zerodium raised the rewards for such Android exploits almost 12-fold compared to last year (recall that earlier, problems in the Google operating system could bring no more than $200,000). For vulnerabilities of a smaller caliber, the price has increased by more than 100 times. The announcement was definitely timed to coincide with the official release of Android 10, which also took place yesterday, September 3, 2019.
Additionally, the vulnerability broker raised the price of exploits for messengers, regardless of which OS they run on. RCE and LPE bugs in WhatsApp and iMessage are now valued at $1,500,000, even if the exploit does not allow maintaining a presence in the system after a reboot.
If the bug requires user interaction, the price for the exploit chain falls to $1,000,000 for bugs in WhatsApp and up to $500,000 for bugs in iMessage. Last year, such vulnerabilities would bring researchers no more than $500,000.
The head of Zerodium, Chaouki Bekrar, told ZDNet reporters that by raising prices, his company is only responding to market trends.
The fact is that under the Zerodium business model (for which the company has repeatedly been subjected to harsh criticism), the company keeps secret the information about 0-days it finds independently or buys from third parties, while reselling them to large companies, government organizations and law enforcement agencies, for example the NSA or the military. Thus, the price increase can be explained by the interest that Zerodium clients (that is, law enforcement and government agencies around the world) are showing in Android problems.
Bekrar says that due to the heavy fragmentation of the Android device market, the company is primarily interested in bugs in devices from Google, Samsung, Huawei and Sony, although other brands will not be ignored either.
“In the past few months, we have seen an increase in the number of exploits for iOS, mainly for Safari and iMessage, which are created and sold by researchers from around the world. The 0-day market is so saturated with exploits for iOS that recently we even started to abandon some of them. On the other hand, thanks to Google and Samsung’s security teams, Android’s security is improving with each new release, so developing complete exploit chains for Android has become a complex and time-consuming task, outperforming even creating zero-click exploits that do not require user interaction,” says Bekrar, explaining the price increase.
Bekrar notes that Android exploits will be valued higher than iOS exploits until Apple improves iOS security and strengthens its weak points, such as iMessage and Safari (WebKit and sandbox).