Who is making these claims?
iOS: Your device can be easily accessed and your data compromised.
android: all your data is compromised as detailed in the TOS.
Care to quote relevant statements in TOC?

Zerodium started paying more for Android vulnerabilities than for iOS ones back in 2019:

For the first time, exploit sellers who provide Zerodium with fresh break-in techniques for Android devices can now earn more money from those tools than they would for similar hacks of iOS devices, the company announced Tuesday.

The Washington, D.C., firm just updated its price list, promising to pay $2.5 million to hackers who demonstrate a zero-click exploit chain, a powerful tool that requires no user interaction, for Android devices. Compare that to the $1 million reward available for a one-click iOS full chain exploit, knocked down today from $1.5 million.


It does indicate that the supply of iOS vulnerabilities is more plentiful than the Android ones.
 
Why would Zerodium announce that the product they sell for a hefty premium to governments and corporations is now so pervasive in the market that Zerodium has to back off buying it for a while? They also announce they're going to pay less for it when they start buying again. Subsequently, aren't their customers going to expect to pay less for what they do buy? Ya know, since the market is apparently flooded.

Why would a company like Zerodium be seeking the limelight? They have been quietly and openly doing their thing for a long time. They don't benefit from the spotlight. Their customers and customers of companies like them, know exactly who they are.

Because they have made themselves sound like they are the number one place to go for iOS exploits, they have had free marketing as a lot of people wouldn't have heard about them before.

Why? Because they will now have a lot of people after their services, paying for them - in a climate that companies are struggling, which if they aren't paying for anymore, sounds as though they are and have a bit of a cash-flow problem.
 
Care to quote relevant statements in TOC?

Zerodium started paying more for Android vulnerabilities than for iOS ones back in 2019:

For the first time, exploit sellers who provide Zerodium with fresh break-in techniques for Android devices can now earn more money from those tools than they would for similar hacks of iOS devices, the company announced Tuesday.

The Washington, D.C., firm just updated its price list, promising to pay $2.5 million to hackers who demonstrate a zero-click exploit chain, a powerful tool that requires no user interaction, for Android devices. Compare that to the $1 million reward available for a one-click iOS full chain exploit, knocked down today from $1.5 million.


It does indicate that the supply of iOS vulnerabilities is more plentiful than the Android ones.

Here. And yes, it's relevant. No, we can't treat android as independent of the rest of their products. No, Google doesn't get a pass for making some of their content open sources. No, being able to modify the device doesn't change anything. No, flavors provided by hardware manufacturers don't change anything.
 
I kind of find (kind of...stick with me...) what you say hard to believe. If only because there are a million fragmented versions of Android that have a ****-ton of manufacture holes punched in it. Knowing what the vulnerabilities of any one device - that's rather tough to judge. Not to mention the issue of installing apps from numerous stores all with various levels of security concern. There will always be security issues. But, and I'm open to being wrong, with the tens of thousands of different Android versions and install variations and add-ons, how could Android offer anything near what iOS does? Plus so much of Google tech is about following you online and offline and reporting that back. Doesn't that inherently mean there's a lot more that could go wrong? How locked down can the system be when it's built around data mining?
I think a good way to view it is the NSA gives out iPhones to most low level employees for use. However the special operations type groups get androids. Android can be way more secure if the user and manufacturer configure it that way however the average Samsung or even Pixel user is at higher risk than an iOS user with the same uses. Buying a secure android isn't even affordable for the average person and wouldn't be all that useful with most functions disabled.
 
The problem with Apple is their Software Engineering. Their Hardware is great. Software is not quite. And Swift is still not getting anywhere.

Because of those constant attacks on Android and how Apple position themselves as being more secure, Google spent a lot of time in past few years on Android Security. (That is on the latest Android, which means Android update is still a problem.)

How many times was it that Unicode could crash iOS?

I am increasingly losing faith in Craig Federighi.
 
This is pretty meaningless. It’s supply and demand, if they have one exploit that works, and they sell it, no need to have more. There is no need for Zerodium to buy exploits, if government agencies aren’t buying them because they have a working exploit.

Zerodium’s comment could mean they have 1000 exploits and don’t need anymore, or they have 3 exploits and don’t need anymore. One thing for sure is that they want some new headlines.
 
This is pretty meaningless. It’s supply and demand, if they have one exploit that works, and they sell it, no need to have more. There is no need for Zerodium to buy exploits, if government agencies aren’t buying them because they have a working exploit.

Zerodium’s comment could mean they have 1000 exploits and don’t need anymore, or they have 3 exploits and don’t need anymore. One thing for sure is that they want some new headlines.

Bingo. This is effectively a free advertisement for them, hosted by MacRumors.
 
Because they have made themselves sound like they are the number one place to go for iOS exploits, they have had free marketing as a lot of people wouldn't have heard about them before.
That's silly. Any government or corporation looking to buy iOS security exploits knows who Zerodium is. They know who all the major players are in that field.

Why? Because they will now have a lot of people after their services, paying for them - in a climate that companies are struggling, which if they aren't paying for anymore, sounds as though they are and have a bit of a cash-flow problem.
This is even sillier. The audience for the exploits is small because of the dollars involved in acquiring the exploits. Why would a lot of people all of a sudden want to start paying millions for iOS vulnerabilities? They'll buy them and do what?
 
It depends on the attack vector, ease of infection and severity of the exploit. It also depends on the operating system version. Zero day exploits that are not erased by a reboot are the real issue and that is not known. If it were so easy to walk into IOS the FBI would not have asked Apple for help.

As far as paying more for android, maybe this is one instance where marketshare rules.

 
Here. And yes, it's relevant. No, we can't treat android as independent of the rest of their products. No, Google doesn't get a pass for making some of their content open sources. No, being able to modify the device doesn't change anything. No, flavors provided by hardware manufacturers don't change anything.
All I see there is this: "We don’t sell your personal information to anyone"
Apple has the same, so what's your point? Both Google and Apple access user data for improving their services.
 
Because of those constant attacks on Android and how Apple position themselves as being more secure, Google spent a lot of time in past few years on Android Security. (That is on the latest Android, which means Android update is still a problem.)

Situation is the same on Windows and macOS. Microsoft has developed some very advanced techniques, often led by the Xbox, of all things. Meanwhile, Apple has continually failed to invest or improve.
 
Situation is the same on Windows and macOS. Microsoft has developed some very advanced techniques, often led by the Xbox, of all things. Meanwhile, Apple has continually failed to invest or improve.
And Microsoft still issues its fair share of patches for various things including zero day vulnerabilities.
 
Is not it the issue at hand? Microsoft (and Google) do issue the patches for zero day vulnerabilities while Apple does not (because they are unable to find them)?
How many zero day vulnerabilities were remediated by Microsoft and Google that were found by security researchers outside of the organizations. My guess is more than one, which means Microsoft and Google couldn't find them either.

 
All I see there is this: "We don’t sell your personal information to anyone"
Apple has the same, so what's your point? Both Google and Apple access user data for improving their services.

It's legalsleaze. They don't sell the raw data but they sell access to it. It's the same thing. An honest government would strike this down as misleading and charge them with fraud. Content on my device is being used to manipulate purchase decisions for the organization who pays Google the most. Why does google need the content of an email to improve their service? Why do they need to know the objects in photos I personally take to improve their cameras? They don't. They need that information to charge more for advertising.
 
It's legalsleaze. They don't sell the raw data but they sell access to it. It's the same thing. An honest government would strike this down as misleading and charge them with fraud. Content on my device is being used to manipulate purchase decisions for the organization who pays Google the most. Why does google need the content of an email to improve their service? Why do they need to know the objects in photos I personally take to improve their cameras? They don't. They need that information to charge more for advertising.
If it is the same then can you go and buy my personal data from Google? Try it and then tell us if it's the same.
 
I’m wondering if this could be PR spin. Perhaps Zerodium is facing a liquidity/cash crunch. Companies and governments may be slashing their budgets to get back to profitability and contracts with Zerodium might not be considered essential. Thus, Zerodium needs to enact cost saving measures of their own including not purchasing as many zero-days. The PR spin turns this situation into “there’s so many bugs that we are temporarily stopping the purchase”.

Even if there are a lot of bugs, it doesn’t make sense to me that Zerodium wouldn’t want them all if they can afford it. Something else is up.
 
I’m wondering if this could be PR spin. Perhaps Zerodium is facing a liquidity/cash crunch. Companies and governments may be slashing their budgets to get back to profitability and contracts with Zerodium might not be considered essential. Thus, Zerodium needs to enact cost saving measures of their own including not purchasing as many zero-days. The PR spin turns this situation into “there’s so many bugs that we are temporarily stopping the purchase”.

Even if there are a lot of bugs, it doesn’t make sense to me that Zerodium wouldn’t want them all if they can afford it. Something else is up.
If they were facing liquidity crunch, would not they also have stopped buying Android vulnerabilities?
 
I’m wondering if this could be PR spin. Perhaps Zerodium is facing a liquidity/cash crunch. Companies and governments may be slashing their budgets to get back to profitability and contracts with Zerodium might not be considered essential. Thus, Zerodium needs to enact cost saving measures of their own including not purchasing as many zero-days. The PR spin turns this situation into “there’s so many bugs that we are temporarily stopping the purchase”.

Even if there are a lot of bugs, it doesn’t make sense to me that Zerodium wouldn’t want them all if they can afford it. Something else is up.
That's been my thought. They are trying to prop up the value of their product. We aren't buying any more stuff so what we have stays valuable. Plus this is a chance to lower the acquisition pricing on future exploits.
 
I stopped submitting bug reports to Apple years ago.

In my opinion Mac OS X 10.7 was Apple's inflection point of poorer software quality.

It’s curious that you think Apple’s overall software quality has been going downhill ever since 2011.

On an unrelated note, what did you think about the article?
 
In an explicit tweet, Zerodium CEO Chaouki Bekrar said iOS security is in bad shape
WON'T SOMEONE THINK OF THE CHILDREN!?!? Does anyone under the age of 18 actually read MacRumors? If so, who gives a f*** if they see a swear word? And yes, I'm censoring myself because I have no idea if I'm allowed to swear on here haha.
 