'iOS security is f**ked' says exploit broker Zerodium: Prices crash for taking a bite out of Apple's core tech
On Wednesday, the software exploit broker said it won't pay anything for some iOS bugs due to an oversupply.
Apple's iOS 13 has been particularly buggy, enough that SVP of software engineering Craig Federighi reportedly overhauled the company's internal software testing process to avoid a repeat when iOS 14 arrives later this year.
The market for iOS vulnerabilities took a hit last September when Zerodium said for the first time that it would pay more for flaws in Android than in iOS. That was a month after Google's Project Zero disclosed five privilege escalation exploit chains affecting iOS versions 10-12.
Asked whether Zerodium's statement reflects the actual state of iOS security or should be taken as a company just trying to make waves, Patrick Wardle, principal security researcher at Jamf Security and founder of Objective-See, told The Register that it's probably a bit of both.
"To iOS security researchers/hackers, it's unlikely that Zerodium's statement comes as a surprise," he said.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/14/zerodium_ios_flaws/