Exploit Vendor Offers $1.5 Million for iOS 10 Zero-Days

[Jack]

Zerodium, a company that buys zero-day exploits and then sells them to government agencies around the world, has raised its prices for a series of security flaws it desperately wants to get its hands on.

First and foremost, the company has tripled the price it pays for an iOS zero-day. While last year Zerodium held a competition and paid $1 million for the first three iOS 9 zero-days, the company lowered the price to $500,000 afterward.

With the recent release of iOS 10, Zerodium has now once again hiked the price for iOS zero-days, agreeing to pay $1.5 million for a remote exploit that allows a third party full control over the device.

Just like last year, the company will pay for exploits that work against the latest patched iOS version, which means Zerodium is not interested in iOS 9 exploits. On the other hand, Apple is offering up to $200,000 for iOS zero-days via its private, invite-only bug bounty program.

Read more: http://news.softpedia.com/news/exploit-vendor-offers-1-5-million-for-ios-10-zero-days-508808.shtml

 

[CMLew]

Curious: Why would a company (Zerodium) sell this zero-day exploit to govt agency for? Shouldn't they sell it to Apple back?

Btw: voted YES. No software in the world is perfect.

 

[hjlbx]

Curious: Why would a company (Zerodium) sell this zero-day exploit to govt agency for? Shouldn't they sell it to Apple back?

Btw: voted YES. No software in the world is perfect.

Government agencies like NSA and GCHQ pay much higher prices than OEMs...

 

[CMLew]

Government agencies like NSA and GCHQ pay much higher prices than OEMs...

Hmm.. thats interesting. What are they going to use it for? Spy us?

 

[hjlbx]

What are they going to use it for? Spy us?

Exactly...

 

[LabZero]

And we are worried about MS telemetry...

 

[_CyberGhosT_]

And we are worried about MS telemetry...

lol, Right.
Great share Jack

 

[Ana_Filiz]

Guys, regarding to this so called "issue", I recommend all of you watching the movie: Zero Days. This movie wiil always be so actual and real.
http://www.imdb.com/title/tt5446858/

 

[LabZero]

Guys, regarding to this so called "issue", I recommend all of you watching the movie: Zero Days. This movie wiil always be so actual and real.
http://www.imdb.com/title/tt5446858/

Yeah the real cyberwar including NSA.

 

[hjlbx]

And we are worried about MS telemetry...

Telemetry not the problem ? Government is the problem ?

Government can compel Microsoft to hand over all data and connect data to users via a National Security letter that includes a gag order. Government can compel Microsoft to zero-in on one user system out of hundreds of millions of systems. If Microsoft refuse to comply with that National Security request or releases infos about it, then Government can indict Microsoft. No U.S. company has ever survived indictment. As soon as the indictment is issued - without even going to court for criminal proceedings - the company is absolutely kaput. The world financial markets value a company under indictment = $0.

So Microsoft will identify a user's data and hand it over... user is screwed by virtue of using Windows.

So... which is problem... the chicken or the egg ? Telemetry or Government ?

First thing is that government officials, employees, administrations are corrupt and will abuse whatever they can, when they can, as it suites them, when they see fit.

If there were no telemetry, then Government could not compel Microsoft to release user data as there would be no user data collected and stored by Microsoft in the first place. Telemetry is anonymized, but government can compel Microsoft to modify it - broadly or specific to a single user's system. People don't realize this -- that this is actually how it works...

Windows and Microsoft are governments' best friends... followed by for sale exploits.

 

[hjlbx]

There is actually someone in US Congress that wants:

1. All computer systems, OSes and certain softs sold in US to be registered with US federal government like firearms
2. Physical system and OS tracking with US government monitoring capabilities built-in
3. Non-transferable
4. User license\registration required to purchase systems\softs
5. Violation of 1 - 4 = criminal offense... send violators to the klink - or probably Guatanamo Bay...

We live in tough times bros...

Think of it. Maybe in future you will have to be fingerprinted at Best Buy to buy a laptop.

"We are such fearful human beings that we will take away the entire world's rights and privacy so that we can feel secure."

 

[LabZero]

Not a fresh news, but NSA and GCHQ would have also exploited Angry Birds, YouTube, and Google Maps to get profiles and collect personal information of hundreds of millions of people and the right to privacy of the users has been reset for reasons related to the national and international security.
By collecting metadata, and cookies from these and other applications, NSA and GCHQ were able to trace personal profiles for several years, virtually every detail of a person's life.

 

[hjlbx]

Not a fresh news, but NSA and GCHQ would have also exploited Angry Birds, YouTube, and Google Maps to get profiles and collect personal information of hundreds of millions of people and the right to privacy of the users has been reset for reasons related to the national and international security.
By collecting metadata, and cookies from these and other applications, NSA and GCHQ were able to trace personal profiles for several years, virtually every detail of a person's life.

Implanted tracking chips at birth will come at some point in the future. Not in our lifetimes, but it will happen...

IT is fundamentally changing most everything...

 

[Entreri]

iOS is a very robust system and I think Apple now updates the iOS more frequently. I can see why governments are desperate for zero day exploits to it.

 

[Exterminator]

Voted yes.
Politics aside,it is only a matter of time.Windows was always the OS exploited and Linux & iOS were rarely if at all exploited.
However this has now changed and we can see that being more evident everyday.

 

[jamescv7]

This just shows that any software which dormant of least in the wild vulnerabilities attacks have more chances to expose future holes.

So the price mentioned is definitely acceptable.

Everything is dual effect,

 

[Tony Cole]

So they can hack criminals, which I 100% agree with, we need the capability to do so. What the NSA and GCHQ are looking for is criminal gangs, terrorism etc., the everyday person is nothing to these guys. Without these technologies how do people think we can stop terrorist attacks before they happen, stop sexual predators trafficking children for sex and much, much more.

 

[exCode]

Guys, regarding to this so called "issue", I recommend all of you watching the movie: Zero Days. This movie wiil always be so actual and real.
http://www.imdb.com/title/tt5446858/

I'm going to watch that so hard even though I know it's probably going to be terrible.

 

[_CyberGhosT_]

Implanted tracking chips at birth will come at some point in the future. Not in our lifetimes, but it will happen...

IT is fundamentally changing most everything...

In a state east of us (Illinois) there has been long time talk of chipping Licenses so that when you walk into a store equipped with a special camera, it
detects the chip, then will display on the screen all that persons vitals, and statistics, including traffic, and criminal history ect.

 

[hjlbx]

In a state east of us (Illinois) there has been long time talk of chipping Licenses so that when you walk into a store equipped with a special camera, it
detects the chip, then will display on the screen all that persons vitals, and statistics, including traffic, and criminal history ect.

Seems all very Orwellian-Auschwitz to me....