
Android flaws now worth more than iOS flaws

If you have had a feeling that the number of flaws affecting iOS has increased, be aware that this is not just a feeling; it's really happening. We recently commented on a bug that allowed websites to gain root access to an iPhone simply by being visited, not to mention some other serious cases we reported this year.

This “glitch” of iOS flaws has unexpectedly had a negative effect on hackers and experts who make a living off bug fixes for Apple's mobile system, as reported by VICE. In this case, ZERODIUM (one of the companies that have a bug bounty program) has announced a new price structure that values Android vulnerabilities over those of iOS.

More precisely, certain flaws in Google's mobile operating system that allow full access to the device without requiring the user to do anything (zero click) are now worth $2.5 million, while the same vulnerability on iOS costs $2 million.

It is as if iOS's "reliability" index had been lowered, since the chances of a new bug appearing are high and no one is willing to pay a fortune for one. So much so that the firm also reduced the bounty for finding zero-click iOS bugs from $1.5 million to $1 million. ZERODIUM founder Chaouki Bekrar explained this devaluation:

The unexplored bug market is flooded with iOS bugs, mostly involving Safari and iMessage, due to the fact that many security researchers have focused on exploiting iOS bugs full time. They absolutely destroy the security and protection barriers of the system. There are so many kinds of flaws (from iOS) that we are starting to refuse some of them.

Turning to Android, Bekrar said it is very difficult and time-consuming to develop complete chains of flaws in the world's most popular operating system. He added that even if Apple "once again improves the security of iOS components" such as Safari and iMessage, Android vulnerabilities will be more valuable.

It is important to note, however, that ZERODIUM (as well as Crowdfense) is only part of the bug bounty program market. That is, this does not necessarily indicate that researchers will stop investigating Apple's system; after all, Apple itself has recently expanded the rewards of its program, increasing its participation in that niche.

via ZDNet