Pago Zerodium para Android Exploits salta a $ 2.5M, iOS baja de precio
CYBER NOTICIAS

Pago Zerodium para Android Exploits salta a $ 2.5M, iOS baja de precio

1 Star2 Stars3 Stars4 Stars5 Stars (Sin clasificación todavía)
Cargando ...

Zerodium, a “leading exploit acquisition platform for premium zero-days and advanced cybersecurity research", ha actualizado su lista de precios. Al parecer,, exploits Android son ahora más caros que explota iOS, por primera vez en la historia.




Zerodium is now paying much more for Android exploits, iOS exploits price drops

Zerodium is promoted as a company that pays “BIG bounties to security researchers to acquire their original and previously unreported zero-day research". The company has been focused on high-risk vulnerabilities with fully functional exploits. Their payout can reach up to $2 million per submission.

In its latest update, Zerodium’s pricelist is putting Android exploits ahead of iOS ones. From now, an Android zero-click exploit chain that requires no user interaction could get researchers a payout of up to $2.5 millones, whereas the same exploit chain in iOS is estimated at $2 millones.

Compared to what Zerodium was offering last year, the price for Android exploits has jumped multiple times, as the payout used to be up to $200,000.

Here’s a list of the changes the company made to its pricelist:

New Payouts (Mobiles):
$2,500,000 – Android full chain (Zero-Click) with persistence (New Entry)
$500,000 – Apple iOS persistence exploits or techniques (New Entry)
Increased Payouts (Mobiles):
$1,500,000 – WhatsApp RCE + LPE (Zero-Click) without persistence (previously: $1,000,000)
$1,500,000 – iMessage RCE + LPE (Zero-Click) without persistence (previously: $1,000,000)
Decreased Payouts (Mobiles):
$1,000,000 – Apple iOS full chain (1-Haga clic en) with persistence (previously: $1,500,000)
$500,000 – iMessage RCE + LPE (1-Haga clic en) without persistence (previously: $1,000,000)
Desktops/Servers:
No modifications

Why are Android exploits more valuable now?

According to a tweet from the company’s Twitter account, the updates in the prices “for major Mobile exploits” is “in accordance with market trends."

"Por primera vez, we will be paying more for Android than iOS. We’ve also increased WhatsApp & iMessage (0-hacer clic) but reduced the payout for iOS (1-hacer clic) in accordance with market trends,” the company said.

Considering the nature of Zerodium’s work, the price changes may be linked to the growing interest in Android exploits from law enforcement and government agencies.

Hace un par de días, several privilege escalation exploit chains were discovered in iOS devices by Google’s Threat Analysis Group (TAG) and Project Zero teams.

The vulnerabilities were actively used by threat actors who also used compromised websites to carry out watering hole attacks against iPhone users. Almost all versions between iOS 10 y iOS 12 fueron afectados. The websites used in these attacks were visited thousands of times on a weekly basis.

En 2016, the company was willing to pay $1.5 millones for a remote exploit, at the time of the release of iOS 10. En comparación, back then Apple was offering $200,000 for iOS zero-day vulnerabilities via its private bug bounty program.

avatar

Milena Dimitrova

Un escritor inspirado y gestor de contenidos que ha estado con SensorsTechForum de 4 año. Disfruta ‘Sr.. Robot’y miedos‘1984’. Centrado en la privacidad de los usuarios y el desarrollo de malware, ella cree firmemente en un mundo donde la seguridad cibernética juega un papel central. Si el sentido común no tiene sentido, ella estará allí para tomar notas. Esas notas pueden convertirse más tarde en artículos!

Más Mensajes

Dejar un comentario

Su dirección de correo electrónico no será publicada. Los campos necesarios están marcados *

Se agotó el tiempo límite. Vuelve a cargar de CAPTCHA.

Compartir en Facebook Compartir
Cargando ...
Compartir en Twitter Pío
Cargando ...
Compartir en Google Plus Compartir
Cargando ...
Compartir en Linkedin Compartir
Cargando ...
Compartir en Digg Compartir
Compartir en Reddit Compartir
Cargando ...
Compartir en Stumbleupon Compartir
Cargando ...