Good news for bug hunters and bad news for manufacturers and developers. Earlier this week, the well-known vulnerability broker Zerodium announced significant price increases for various exploits.
Previously the company offered 1.5 million US dollars for a stable remote jailbreak for iOS; that payout has now increased to 2 million. Let me remind you that a prerequisite for such a jailbreak is the absence of any user interaction, that is, everything should happen automatically. If minimal user interaction is still required, such an exploit would be priced at $1.5 million.
In addition, payments for zero-day RCE vulnerabilities and their exploits in the WhatsApp and iMessage messengers, as well as in SMS/MMS applications on various platforms, have doubled. Previously, such bugs could earn up to $500,000, and now up to $1 million. Interestingly, 0-day vulnerabilities in Signal, Telegram and Facebook Messenger still cost $500,000.
The new version of the company's updated "price list" can be seen below.
“Messengers in general and WhatsApp in particular are sometimes the only communication channel used by targets, and end-to-end encryption makes it difficult for our government customers to intercept such communications. As a result, being able to remotely compromise such applications without compromising the entire phone is a more strategic and effective approach,” comments Zerodium founder Chaouki Bekrar.
Founded in 2015 by Chaouki Bekrar, one of the founders of Vupen, Zerodium is one of the most prominent vulnerability brokers on the market. While Vupen has been primarily engaged in the development of its own exploits, Zerodium not only has its own development team, but also actively acquires exploits and vulnerabilities from third parties.
Zerodium's business model (for which the company has repeatedly been subjected to harsh criticism) is to keep secret the information about 0-days it finds independently or purchases from third parties, while reselling them to large companies, government organizations and law enforcement agencies. For example, the NSA or the military.
