Security firm says it will stop buying iOS vulnerabilities because there are too many

Tram Ho

A company that specializes in buying security holes and exploits from hackers said it has stopped buying iOS exploits because there are so many “items” on offer.

Zerodium is a well-known cyber security company that pays developers for the vulnerabilities and exploits they find in software. In many cases, the amount that Zerodium pays developers is much higher than what Apple’s bug bounty program pays.


Zerodium’s tweet about the types of iOS exploits.

But on Wednesday, the company said it would stop buying any preemptive exploit, remote code execution, or way of bypassing the iOS sandbox “within the next 2 to 3 months because too many people submitted.” The company also said that the price for certain types of vulnerabilities in Safari on iOS will drop sharply in the near future.

In a recent tweet, Zerodium founder Chaouki Bekrar said that iOS security is worth “throwing away”. He added that the lack of uniformity and a security mechanism called PAC (pointer authentication codes) are two factors that make iOS’s security “almost unavailable.”


Criticism from Chaouki Bekrar, the founder of Zerodium, of the security capabilities of iOS.

Perhaps part of the reason is that much of the world is still under large-scale lockdown, so security researchers have more time to explore these vulnerabilities. Another factor may be that iOS 13 is indeed surprisingly buggy, a fact that caused Apple Software Director Craig Federighi to reorganize the whole process of developing the next iOS version.

Therefore, Bekrar said: “Let’s hope iOS 14 will be better.”

This is not the first time Zerodium has seen an abundance of iOS exploits. In September 2019, the company said it was paying more money for Android exploits than for iOS ones due to an oversupply.

Refer to Apple Insider


Source: Genk