Exploit broker Zerodium recently announced that it is willing to pay up to $1.5 million for a zero-day exploit that works against fully patched iPhones and iPads. That is a lot of money: prior to this, the group was paying out $500,000. It is also about 7.5 times more than what it pays for Android exploits, which is $200,000.
Speaking to Ars Technica, Zerodium’s founder Chaouki Bekrar said, “Prices are directly linked to the difficulty of making a full chain of exploits, and we know that iOS 10 and Android 7 are both much harder to exploit than their previous versions. That means that iOS 10 chain exploits are either 7.5x harder than Android or the demand for iOS exploits is 7.5x higher. The reality is a mix of both.”
It will be interesting to see who can claim the bounty, although it seems that it will be quite hard, as the exploit needs to work pretty much flawlessly. If anything, we guess it’s good: if an exploit worth $1.5 million is found, it’s definitely one that needs to be fixed. Given that Zerodium seems to deal more with government agencies than with the companies themselves, hopefully Apple will be able to stay on top of it.