macrumors bot
Original poster
Apr 12, 2001
Zerodium this week announced that it will not be purchasing any iOS exploits for the next two to three months due to a high number of submissions. In other words, the company has so many security vulnerabilities at its disposal that it does not need any more.

Zerodium is an exploit acquisition platform that pays researchers for zero-day security vulnerabilities and then sells them to institutional customers like government organizations and law enforcement agencies. The company focuses on high-risk vulnerabilities, normally offering between $100,000 and $2 million per fully functional iOS exploit.


In an explicit tweet, Zerodium CEO Chaouki Bekrar said iOS security is in bad shape, noting that there are at least a few persistent zero-day security vulnerabilities affecting all iPhones and iPads. "Let's hope iOS 14 will be better," added Bekrar.

Apple has its own bug bounty program that offers between $5,000 and $1 million for security vulnerabilities in iOS, iPadOS, macOS, tvOS, or watchOS.

Article Link: Zerodium Temporarily Stops Purchasing iOS Exploits Due to High Number of Submissions
 
I think this is a big fail on Apple's part, but also on the part of the consumer. The customer is always right, right? You build out what the customers are demanding because that's what they'll pay for -- unfortunately, it's my belief that this has caused devs to push code through faster that may not be as tightly wound as it used to be because we as consumers demand so many changes to iOS every year. Working for a startup myself, it's a hard line to walk; I just gotta hope that QA gets better at Apple and that they slow down a bit and focus on security rather than new features all the time.
 
The security could be better if they weren't operating a blackmarket of vulnerabilities and instead were reporting them to Apple. But hey, greed trumps the security of users I guess?

This may be an oversimplification. A marketplace should be a good thing, because it provides incentive to find (and fix) the vulnerabilities. Maybe the bigger issue here is Apple is not dedicating appropriate resources.
 
I think this is a big fail on Apple's part, but also on the part of the consumer. The customer is always right, right? You build out what the customers are demanding because that's what they'll pay for -- unfortunately, it's my belief that this has caused devs to push code through faster that may not be as tightly wound as it used to be because we as consumers demand so many changes to iOS every year. Working for a startup myself, it's a hard line to walk; I just gotta hope that QA gets better at Apple and that they slow down a bit and focus on security rather than new features all the time.
Nonsense. iOS has been the more impervious of the two mobile OSes. Certainly that's the expectation of the buying public. So you're talking through your hat. Also, judging from the amount of malware in the wild, iOS is still the better of the two. But iOS has been a kludge on quite a number of levels, and this is just a new aspect of something we've all been complaining about.

"Given that Android is the biggest target for hackers, it should be no surprise that it has the most viruses, hacks, and malware attacking it. What may be a surprise is just how much more it has than other platforms.
"According to one study, 97 percent of all malware attacking smartphones targets Android.
"According to this study 0% of the malware they found targeted the iPhone (that's probably due to rounding. Some malware targets the iPhone, but it's likely less than 1%). The last 3% took aim at Nokia's old, but widely used, Symbian platform. That's just one study, of course, but the basic trend is that Android is overwhelmingly most targeted by virus writers."
 
I think this is a big fail on Apple's part, but also on the part of the consumer. The customer is always right, right? You build out what the customers are demanding because that's what they'll pay for -- unfortunately, it's my belief that this has caused devs to push code through faster that may not be as tightly wound as it used to be because we as consumers demand so many changes to iOS every year. Working for a startup myself, it's a hard line to walk; I just gotta hope that QA gets better at Apple and that they slow down a bit and focus on security rather than new features all the time.

Uh, I don’t think we’re demanding so many changes to iOS every year. Apple chooses to shovel a bunch of them out so they can have something to promote new iOS releases. It’s also the case that nothing requires Apple to do a major iOS update every year. I would much rather see them do what they used to do with macOS: release major new versions whenever they had something worth releasing, without the quality drop that comes from rushing it, which was usually longer than yearly.
 
Now that's a bold claim, if only for the severe fragmentation and outdated OSes on that side.
Stock Android may be full of holes, but according to the security researchers I follow, the later Android OSes have better APIs and capabilities to lock down your phone depending on your threat model.

iOS isn't bad by default, but it's not the most secure there is anymore.
 
The security could be better if they weren't operating a blackmarket of vulnerabilities and instead were reporting them to Apple. But hey, greed trumps the security of users I guess?
I think you're missing the /s sarcasm tag. It's not Zerodium's job to protect the security of iOS users. That's Apple's job. The security could be better if Apple did their job better by ensuring the OS is as exploit-free as possible. If Zerodium has to stop buying vulnerabilities because there are so many, Apple isn't ensuring the OS is as exploit-free as possible.

The vulnerabilities are the sole responsibility of Apple. Security is hard. Very hard and always has to be ever evolving to stay ahead of those who'd violate it. So I don't envy their job in that aspect. But make no mistake, it is Apple's job to do. Not Zerodium's.
 
Stock Android may be full of holes, but according to the security researchers I follow, the later Android OSes have better APIs and capabilities to lock down your phone depending on your threat model.

iOS isn't bad by default, but it's not the most secure there is anymore.
I kind of find (kind of...stick with me...) what you say hard to believe. If only because there are a million fragmented versions of Android that have a ****-ton of manufacturer holes punched in them. Knowing what the vulnerabilities of any one device are - that's rather tough to judge. Not to mention the issue of installing apps from numerous stores, all with various levels of security concern. There will always be security issues. But, and I'm open to being wrong, with the tens of thousands of different Android versions and install variations and add-ons, how could Android offer anything near what iOS does? Plus so much of Google tech is about following you online and offline and reporting that back. Doesn't that inherently mean there's a lot more that could go wrong? How locked down can the system be when it's built around data mining?
 
Hate to play devil's advocate - but how do we know that the claim from the company is fact or fiction? If you wanted to be a company seeking the limelight, what would you do? Would you pull a stunt like this? Or would you do something else?
Why would Zerodium announce that the product they sell for a hefty premium to governments and corporations is now so pervasive in the market that Zerodium has to back off buying it for a while? They also announce they're going to pay less for it when they start buying again. Subsequently, aren't their customers going to expect to pay less for what they do buy? Ya know, since the market is apparently flooded.

Why would a company like Zerodium be seeking the limelight? They have been quietly and openly doing their thing for a long time. They don't benefit from the spotlight. Their customers and customers of companies like them, know exactly who they are.
 
:O

I have seen security professionals say that Android has surpassed iOS in terms of security and hardening. So Apple needs to develop better tooling to shake out these bugs.

Who is making these claims?
iOS: Your device can be easily accessed and your data compromised.
android: all your data is compromised as detailed in the TOS.
 