Zerodium, a company engaged in the acquisition and sale of vulnerabilities, will temporarily stop accepting submissions of new Apple iOS exploits, whether for remote code execution in Safari or for sandbox escape.
Zerodium, which acquires and sells exploits, will temporarily stop accepting information about local privilege escalation vulnerabilities in Apple iOS, remote code execution in the Safari web browser, or sandbox escape. The decision is tied to the huge number of submissions related to these attack vectors. According to Zerodium CEO Chaouki Bekrar, the company is also aware of “several” zero-day vulnerabilities affecting “all iPhones and iPads.”
Over the past two months, the price of exploits for RCE vulnerabilities with a sandbox escape in Safari has dropped from $500 thousand to $200 thousand. At present, the company pays “$0 dollars for such exploits that we no longer need,” Bekrar said. “The zero-day vulnerability market is based on supply and demand. A sharp increase in the offer of exploits for vulnerabilities in a particular product means that its security level is reduced, as well as the price of these exploits,” Bekrar explained.