posted by martyb on Saturday May 16 2020, @12:18AM
from the missed-your-chance dept.

Zerodium Temporarily Stops Purchasing iOS Exploits Due to High Number of Submissions

Zerodium this week announced that it will not be purchasing any iOS exploits for the next two to three months due to a high number of submissions. In other words, the company has so many security vulnerabilities at its disposal that it does not need any more.

Zerodium is an exploit acquisition platform that pays researchers for zero-day security vulnerabilities and then sells them to institutional customers like government organizations and law enforcement agencies. The company focuses on high-risk vulnerabilities, normally offering between $100,000 and $2 million per fully functional iOS exploit.

Also at The Register and Wccftech.

Previously: Zero-Day Broker Publishes a Price Chart for Different Classes of Digital Intrusion
Exploit Vendor Drops Tor Browser Zero-Day on Twitter



Related Stories

Zero-Day Broker Publishes a Price Chart for Different Classes of Digital Intrusion 4 comments

THE TRADE IN the secret hacker techniques known as “zero day exploits” has long taken place in the dark, hidden from the companies whose software those exploits target, and from the privacy advocates who revile the practice. But one zero-day broker is taking the market for these hacking techniques into the open, complete with a full price list.

In an unprecedented move Wednesday, the zero-day broker startup Zerodium published a price chart for different classes of digital intrusion techniques and software targets that it buys from hackers and resells in a subscription service to customers that include government agencies. The list, which details the sums it pays for attack methods that effect[sic] dozens of different applications and operating systems, represents one of the most detailed views yet into the controversial and murky market for secret hacker exploits. “The first rule of [the] 0days biz is to never discuss prices publicly,” Zerodium CEO Chaouki Bekrar wrote in a message to WIRED prior to revealing the chart. “So guess what: We’re going to publish our acquisition price list.”

http://www.wired.com/2015/11/heres-a-spy-firms-price-list-for-secret-hacker-techniques/



Exploit Vendor Drops Tor Browser Zero-Day on Twitter 22 comments

A company that sells exploits to government agencies drops Tor Browser zero-day on Twitter after recent Tor Browser update renders exploit less valuable.

Zerodium, a company that buys and sells vulnerabilities in popular software, has published details today on Twitter about a zero-day vulnerability in the Tor Browser, a Firefox-based browser used by privacy-conscious users for navigating the web through the anonymity provided by the Tor network.

In a tweet, Zerodium said the vulnerability is a full bypass of the "Safest" security level of the NoScript extension that's included by default with all Tor Browser distributions.

NoScript is a browser extension that uses a whitelist approach to let the user decide from what domains the browser can execute JavaScript, Flash, Java, or Silverlight content. It is included with all Tor Browser distributions because it provides an extra layer of security for Tor Browser users.

Zerodium's Tor zero-day basically allows malicious code to run inside the Tor Browser by bypassing NoScript's script-blocking ability.



  • (Score: 4, Interesting) by leon_the_cat on Saturday May 16 2020, @12:30AM

    https://en.wikipedia.org/wiki/Zerodium

    Latest news from their front page:
    Apr 17, 2020 - We are always looking for Linux local privilege escalation exploits for CentOS or Debian. The exploit must allow privilege escalation to root from a standard user and must work with x64 systems with a default configuration.

    Wonder how much they sell to organized crime?

  • (Score: 2) by Grishnakh on Saturday May 16 2020, @02:25AM

    But, but, but... the Apple fans insist that iOS is ultra-secure and so much better than Android!!

  • (Score: 0) by Anonymous Coward on Saturday May 16 2020, @03:25AM (1 child)

    ↑ ↑ ↓ ↓ ← → ← → B A

    • (Score: 2) by PiMuNu on Saturday May 16 2020, @08:43AM

      Double kick combo punch!

  • (Score: 0) by Anonymous Coward on Saturday May 16 2020, @10:25AM (1 child)

    Someday these people will find out that there is no security, not even on a theoretical level.
    Information does not work that way.

    Even if the logic of a piece of software or hardware is not modifiable, unexpected and carefully crafted combinations of logic and changes to the _meaning of signifiers_ that the logic is made of destroy every intentional design, every time.

    I believe it is not possible for a human or an arbitrarily large group of humans to map the complete space of what a compiled executable or a chip of any complexity actually does, since many, many things that it eventually can be persuaded to do are veiled, like... gadgets in the binaries or all them fancy Intel CPU attacks, for example.

    • (Score: 0) by Anonymous Coward on Saturday May 16 2020, @06:43PM

      ^^^ What they said!

  • (Score: 0) by Anonymous Coward on Saturday May 16 2020, @05:18PM (1 child)

    There are a number of jobs where I wonder how one could do them and look themselves in the eye in the mirror in the morning. These guys fall into that bin for me.

    • (Score: 0) by Anonymous Coward on Saturday May 16 2020, @10:28PM

      There was one supposed one on here. Basically an ultrapatriot who thought browns being glassed by drone strikes is swell.
