A glut of iOS 0-days pushes their price below cost of those for Android

[InfoSec News <alerts () infosecnews org>]

https://arstechnica.com/information-technology/2019/09/for-the-first-time-ever-android-0days-cost-more-than-ios-exploits/

By Dan Goodin
Ars Technica
9/3/2019

For the first time ever, the security exploit broker Zerodium is paying a 
higher price for zero-day attacks that target Android than it pays for 
comparable attacks targeting iOS.

An updated price list published Tuesday shows Zerodium will now pay $2.5 
million apiece for “full chain (Zero-Click) with persistence” Android zero-days 
compared with $2 million for iOS zero-days that meet the same criteria. The 
previous program overview offered $2 million for unpublished iOS exploits but 
made no reference at all to the exploits for Android. Zerodium founder and CEO 
Chaouki Bekrar told Ars the broker paid on a “case by case basis depending on 
the chain” for Android exploits.

"Flooded by iOS exploits"

Bekrar told Ars the move was prompted by a glut of working iOS exploit chains 
that has coincided with the growing difficulty of finding comparable exploits 
for versions 8 and 9 of Android. In a message, Bekrar wrote:

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_