Discovering security flaws on iOS doesn't make much money anymore

May 24, 2020, by admin

There are too many iPhone security vulnerabilities now.

Earlier this week, experts noted that several security vulnerabilities are present on iOS, which significantly lowers the value of vulnerabilities that once cost a large amount of money to discover.

The problem may well come from the Cupertino firm's readiness to offer security fixes within a reasonable time frame. When a security flaw is disclosed publicly, it means that the flaw has already been patched by the manufacturer or publisher of the software concerned. This usually happens when manufacturers and security researchers run tests and bug-finding programs during the year the product is made available. When vulnerabilities are discovered, the manufacturer or publisher is automatically informed, often in exchange for a (more or less generous) financial reward. This gives the company a head start in preparing security patches to close the gap.

However, the companies involved do not always react properly when a security flaw is discovered by an independent expert. The expert most often ends up disclosing the flaw publicly, with the intention of either harming the company or notifying users of the service (because the flaw can cause huge problems for them). In some cases, companies are well informed but do not act quickly enough to close the security hole. This makes it easier for hackers to use it in malicious cyber activity. "Sometimes things don't happen that way. And without a reaction from the companies involved, security researchers occasionally put them in front of the fait accompli, pointing the spotlight at large security holes still open and inviting hackers somewhere to rush into them," says Mathieu Chartier.

In this dynamic of discovering and handing over flaws in exchange for payment, a particular group has emerged: people acting as wholesalers of security vulnerabilities. Their aim is to buy up in bulk the vulnerabilities discovered by independent researchers. They can then resell these vulnerabilities, either to manufacturers for a more substantial sum or to developers or publishers of computer security solutions. Zerodium is one of these vulnerability wholesalers. The company recently announced, in an official statement, news that will undoubtedly hurt Apple's image. It posted on its official Twitter page that it was suspending its purchases of vulnerabilities for Apple devices for a period of 2 to 3 months. The reason that may have pushed Zerodium to do so is the very large number of security flaws in the Cupertino firm's devices.

Zerodium's chief, Chaouki Bekrar, noted that the rewards for security flaws discovered on devices running iOS, for example, have dropped sharply. Some vulnerabilities that are not critical enough will no longer be paid for, leading many people to think that the market for iOS vulnerabilities is about to disappear. The head of the wholesaler did not fail to point out that flaws discovered on Android smartphones are now much more expensive than those on iOS. All eyes will then be on iOS 14, which is due out by the end of this year. Experts expect this new version of iOS to improve security. For a brand known for its security, Zerodium's announcement will certainly hurt. Improved security in iOS 14 would certainly be one way to raise the market value of iOS vulnerabilities.
