Zerodium updated the 0-day vulnerability purchase price for Android and iOS

Just two days ago, the vulnerability trading platform Zerodium once again updated the relevant quotations for eligible Android and iOS 0-day vulnerabilities. We found that after this update, the Android 0 day vulnerabilities price exceeded the iOS 0-day vulnerabilities price since its inception in 2015.

The price update was released by Zerodium via Twitter. Zerodium researchers also said on Twitter that the 0-Click vulnerability returns for iMessage and WhatsApp have also increased, but according to current market trends, iOS 1-Click vulnerability reporting will be reduced. The exploit vector for the non-persistent RCE + LPE 0-Click vulnerability has now risen to $1.5 million, and the exploit price of the exploit vector is about $1 million.

Zerodium also introduced a new category of exploits. The Android platform’s 0-Click vulnerability full utilization chain is currently priced at $2.5 million, while the persistent attack technology or exploit vector for Apple iOS is worth only $500,000.

The amounts paid by ZERODIUM to researchers to acquire their original zero-day exploits depend on the popularity and security level of the affected software/system, as well as the quality of the submitted exploit (full or partial chain, supported versions/systems/architectures, reliability, bypassed exploit mitigations, default vs. non-default components, process continuation, etc),” adds Zerodium.

Via: bleepingcomputer