'iOS security is f**ked' says exploit broker Zerodium: Prices crash for taking a bite out of Apple's core tech
On Wednesday, the software exploit broker said it won't pay anything for some iOS bugs due to an oversupply.
Apple's iOS 13 has been particularly buggy, enough that SVP of software engineering Craig Federighi reportedly overhauled the company's internal software testing process to avoid a repeat when iOS 14 arrives later this year.
The market for iOS vulnerabilities took a hit last September when Zerodium said for the first time that it would pay more for flaws in Android than in iOS. That was a month after Google's Project Zero disclosed five privilege escalation exploit chains affecting iOS versions 10-12.
Asked whether Zerodium's statement reflects the actual state of iOS security or should be taken as a company just trying to make waves, Patrick Wardle, principal security researcher at Jamf Security and founder of Objective-See, told The Register that it's probably a bit of both.
"To iOS security researchers/hackers, it's unlikely that Zerodium's statement comes as a surprise," he said.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/14/zerodium_ios_flaws/