Zerodium says it’s dropping prices for iOS exploits

May 18, 2020 03:43 GMT

Zerodium, a company that’s willing to pay up to $2 million for exploits in Apple’s iOS operating system, says it’s actually lowering its prices because the number of hacks aimed at this platform has increased substantially lately.

In other words, the firm is no longer willing to spend so much money on iOS hacks simply because there are too many.

“iOS security is fu**ed,” Chaouki Bekrar, CEO and founder of Zerodium, said in a tweet.

Zerodium says one possible reason for the spike in the number of exploits aimed at iOS could be the growing number of researchers looking for security bugs in Apple’s operating system, as well as jailbreaks that make it possible to closely inspect the code with reverse engineering.

iOS 14

As a result, the company says it will not be interested in specific types of iOS exploits for the next few months.

“We will NOT be acquiring any new Apple iOS LPE, Safari RCE, or sandbox escapes for the next 2 to 3 months due to a high number of submissions related to these vectors. Prices for iOS one-click chains (e.g. via Safari) without persistence will likely drop in the near future,” Zerodium announced on Twitter.

Bekrar claims Apple’s platform is close to going to zero because of all these security issues.

“Only PAC and non-persistence are holding it from going to zero...but we're seeing many exploits bypassing PAC, and there are a few persistence exploits (0days) working with all iPhones/iPads. Let's hope iOS 14 will be better,” he says.

Apple is projected to unveil iOS 14 in the fall, most likely alongside the new-generation iPhone models. However, a preview of this operating system update is expected to be announced at the WWDC conference, with an early beta to be shipped to testers shortly after the event.