Jump to content
Sign in to follow this  
Admin

[Slashdot] - Complaining of 'Surplus' of iOS Exploits, Zerodium Stops Buying Them

Recommended Posts

wiredmikey writes: An abundance of iOS exploits being submitted to be sold should alarm iPhone/iPad users, according to the CEO of exploit acquisition firm Zerodium. The company announced that it was no longer buying certain types of iOS exploits in the next two to three months [including local privilege escalation, Safari remote code execution, and sandbox escape exploits] due to a surplus. And the company expects prices to drop in the near future. "iOS Security is fucked," Chaouki Bekrar, CEO of Zerodium said on Twitter, noting that they are already seeing many exploits designed to bypass pointer authentication codes and a few zero-day exploits that can help an attacker achieve persistence on all iPhones and iPads. "Let's hope iOS 14 will be better," he added. Bekrar said that only pointer authentication codes — which provide protection against unexpected changes to pointers in memory — and the difficulty to achieve persistence "are holding [iOS security] from going to zero."

twitter_icon_large.png facebook_icon_large.png

Read more of this story at Slashdot.

lNLAXI87y6w

View the full article

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

By using The Great Escaped Online Community, you agree to our Privacy Policy and Terms of Use