Every time Apple releases new operating system, it always tries to improve the mistakes of the past. Therefore, Apple has introduced iOS 10 with the intention to fix bugs, provide a stable and user-friendly UI. But, with the arrival of a new operating system it also offers the opportunity to hack the system.
Zerodium Triples Its Zero Day iOS 10 Bounty To $1.5 Million
Security flaws in operating systems and devices we use every day are worth much. With the departure of iOS 10, the world of hacking is exploring possible ways to try and find exploits satisfactorily.
Zerodium is a company in charge of collecting exploits and giving it to government agencies, which allegedly used to spy on criminals, terrorists or other enemies. In the case of iOS, they have increased the number of reward up to $ 1.5 million for exploits that work on the latest versions of iPhones and iPads, tripling the maximum reward offered above. Last year it offered $1 million, but after receiving and accepting three exploits they decided to lower the amount to $500,000.
Both Apple and Google have improved the security of their operating systems, so they are more difficult to penetrate. Therefore, they have not only increased the rewards of exploits for iOS, but have doubled to $200,000 for the Android, and have increased to $80,000 for the Adobe Flash.
When asked why an exploit of the same type worth 7.5 times more if iOS instead of Android, Zerodium says it is a mixture of two reasons: because it is 7.5 times harder to find an exploit in iOS and especially because there are 7.5 times increased demand for an exploit for this operating system.
Apple announced that it would pay up to $250,000 to whoever found a serious flaw in its operating system. A user may have no intention of sending it to Apple if there is a company that offers nearly 6 times more. On the other hand, Google offers a maximum reward of $38,000, almost 6 times less than what Zerodium offers.
However, to qualify for the maximum reward amount, users have to send exploit that works perfectly and is able to take full control of the attacked device. The exploit can not be a series of lines of code to indicate where it is at fault, but must be a fully functional exploit. While to qualify for the rewards of Apple and Google basically much effort is required, since it is only necessary to indicate where is the fault.
There are slight differences between the exploits qualifying for the ultimate reward in the case of Apple and Zerodium. Apple seeks above all exploits that affect the boot, which is a key component in the event that a user loses the phone and someone can access your data. On the other hand, Zerodium is looking for the exploits that target the web browser or the kernel, through which it could gain access to the active device.